Pests of all kinds and their removal: Deal Finder caught and possibly other pests (Windows 7)
16.06.2013, 08:00 | #1
Hello everyone, I'm now one of the lucky ones who has caught Deal Finder. On almost every site, windows pop up trying to sell me something. The computer also likes to restart on its own, and programs I didn't start also like to open. I ran a full scan with Malwarebytes Anti-Malware and got one hit. I'm asking for your help. Thanks! Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Mike :: MIKE-PC [Administrator]

16.06.2013 07:31:55
mbam-log-2013-06-16 (07-31-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470229
Laufzeit: 1 Stunde(n), 21 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
16.06.2013, 09:10 | #2
the machine (TB-Ausbilder)

hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you're not sure: Start > Computer (right-click) > Properties)
16.06.2013, 09:30 | #3

FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Mike (administrator) on 16-06-2013 10:20:39 Running from C:\Users\Mike\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Windows\system32\dmwu.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft) C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Windows\SysWOW64\jmdp\stij.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6869080 2013-02-11] (SlySoft, Inc.) 
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto [201808 2013-01-31] (Somoto) HKCU\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883840 2009-07-26] (Microsoft Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] () HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119781&tt=gc_&babsrc=HP_ss_din2g&mntrId=C21B4487FCA8727B HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1850&r=17361110q106pe405v115r46l2s834 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119781&tt=gc_&babsrc=SP_ss&mntrId=C21B4487FCA8727B SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD) BHO-x32: HP Smart Print BHO - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default FF SelectedSearchEngine: SweetIM Search FF Homepage: hxxp://www.t-online.de/ FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=6&barid={29474EC1-D5F1-11E2-91A1-4487FCA8727B}&crg=3.1010000.10039&st=23&ptr=100&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] () R2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG) S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.) R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] () R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. 
KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-16] (Duplex Secure Ltd.) U3 ae8ublez; C:\Windows\System32\Drivers\ae8ublez.sys [0 ] (Silicon Integrated Systems Corp.) S1 awcznrnp; \??\C:\Windows\system32\drivers\awcznrnp.sys [x] S1 axdxfucm; \??\C:\Windows\system32\drivers\axdxfucm.sys [x] S1 bwddvlip; \??\C:\Windows\system32\drivers\bwddvlip.sys [x] S1 cprquehu; \??\C:\Windows\system32\drivers\cprquehu.sys [x] S3 cpuz132; \??\C:\Users\Mike\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] S1 crbanlbr; \??\C:\Windows\system32\drivers\crbanlbr.sys [x] S1 dkotyvqg; \??\C:\Windows\system32\drivers\dkotyvqg.sys [x] S1 ecouzyth; \??\C:\Windows\system32\drivers\ecouzyth.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S1 fbnwrvkg; \??\C:\Windows\system32\drivers\fbnwrvkg.sys [x] S1 figjbkgd; \??\C:\Windows\system32\drivers\figjbkgd.sys [x] S1 fjgvtbun; \??\C:\Windows\system32\drivers\fjgvtbun.sys [x] S1 fumuhlah; \??\C:\Windows\system32\drivers\fumuhlah.sys [x] S1 ghulqygu; \??\C:\Windows\system32\drivers\ghulqygu.sys [x] S1 gytutppy; \??\C:\Windows\system32\drivers\gytutppy.sys [x] S1 hboelqic; \??\C:\Windows\system32\drivers\hboelqic.sys [x] S1 hbtngzps; \??\C:\Windows\system32\drivers\hbtngzps.sys [x] S1 hmzgqbcb; \??\C:\Windows\system32\drivers\hmzgqbcb.sys [x] S1 hsalxbjm; \??\C:\Windows\system32\drivers\hsalxbjm.sys [x] S1 ibounzvk; \??\C:\Windows\system32\drivers\ibounzvk.sys [x] S1 ikccvsfz; \??\C:\Windows\system32\drivers\ikccvsfz.sys [x] S1 itxxvtub; \??\C:\Windows\system32\drivers\itxxvtub.sys [x] S1 kjrqtluh; \??\C:\Windows\system32\drivers\kjrqtluh.sys [x] S1 kpsxboet; \??\C:\Windows\system32\drivers\kpsxboet.sys [x] S1 kspeywng; 
\??\C:\Windows\system32\drivers\kspeywng.sys [x] S1 lbzpvmqv; \??\C:\Windows\system32\drivers\lbzpvmqv.sys [x] S1 lszxvuwg; \??\C:\Windows\system32\drivers\lszxvuwg.sys [x] S1 mccngvek; \??\C:\Windows\system32\drivers\mccngvek.sys [x] S1 mdicgsjk; \??\C:\Windows\system32\drivers\mdicgsjk.sys [x] S1 mqixzscz; \??\C:\Windows\system32\drivers\mqixzscz.sys [x] S1 msuindag; \??\C:\Windows\system32\drivers\msuindag.sys [x] S1 niozdyml; \??\C:\Windows\system32\drivers\niozdyml.sys [x] S1 nyzctwrf; \??\C:\Windows\system32\drivers\nyzctwrf.sys [x] S1 ocjadhqv; \??\C:\Windows\system32\drivers\ocjadhqv.sys [x] S1 oigajvie; \??\C:\Windows\system32\drivers\oigajvie.sys [x] S1 oprzdfuo; \??\C:\Windows\system32\drivers\oprzdfuo.sys [x] S1 orwmdtfm; \??\C:\Windows\system32\drivers\orwmdtfm.sys [x] S1 oxwrcqcy; \??\C:\Windows\system32\drivers\oxwrcqcy.sys [x] S1 phfvrgwh; \??\C:\Windows\system32\drivers\phfvrgwh.sys [x] S1 pjcfpant; \??\C:\Windows\system32\drivers\pjcfpant.sys [x] S1 plhpktib; \??\C:\Windows\system32\drivers\plhpktib.sys [x] S1 pqhrejwu; \??\C:\Windows\system32\drivers\pqhrejwu.sys [x] S1 qetdlkmt; \??\C:\Windows\system32\drivers\qetdlkmt.sys [x] S1 qfqkfabl; \??\C:\Windows\system32\drivers\qfqkfabl.sys [x] S1 qnkuvvak; \??\C:\Windows\system32\drivers\qnkuvvak.sys [x] S1 reolktay; \??\C:\Windows\system32\drivers\reolktay.sys [x] S1 rgtbdpfp; \??\C:\Windows\system32\drivers\rgtbdpfp.sys [x] S1 rhqyeazl; \??\C:\Windows\system32\drivers\rhqyeazl.sys [x] S1 rmnugqgp; \??\C:\Windows\system32\drivers\rmnugqgp.sys [x] S1 ruvxhgtb; \??\C:\Windows\system32\drivers\ruvxhgtb.sys [x] S1 sanpxhga; \??\C:\Windows\system32\drivers\sanpxhga.sys [x] S1 sbxputqo; \??\C:\Windows\system32\drivers\sbxputqo.sys [x] S1 sgnshsat; \??\C:\Windows\system32\drivers\sgnshsat.sys [x] S1 tvplmoni; \??\C:\Windows\system32\drivers\tvplmoni.sys [x] S1 tyrdbefy; \??\C:\Windows\system32\drivers\tyrdbefy.sys [x] S1 ucgodlmt; \??\C:\Windows\system32\drivers\ucgodlmt.sys [x] S1 uedctjja; 
\??\C:\Windows\system32\drivers\uedctjja.sys [x] S1 vahrlmxc; \??\C:\Windows\system32\drivers\vahrlmxc.sys [x] S1 vcvuuzmw; \??\C:\Windows\system32\drivers\vcvuuzmw.sys [x] S1 veaauvmh; \??\C:\Windows\system32\drivers\veaauvmh.sys [x] S1 vetnlooa; \??\C:\Windows\system32\drivers\vetnlooa.sys [x] S1 vnlcwopc; \??\C:\Windows\system32\drivers\vnlcwopc.sys [x] S1 vtndwbsb; \??\C:\Windows\system32\drivers\vtndwbsb.sys [x] S1 wdhxyita; \??\C:\Windows\system32\drivers\wdhxyita.sys [x] S1 wqazbfjq; \??\C:\Windows\system32\drivers\wqazbfjq.sys [x] S1 wukdweuw; \??\C:\Windows\system32\drivers\wukdweuw.sys [x] S1 wwiqhkwe; \??\C:\Windows\system32\drivers\wwiqhkwe.sys [x] S1 xkzacprj; \??\C:\Windows\system32\drivers\xkzacprj.sys [x] S1 xsfwvrca; \??\C:\Windows\system32\drivers\xsfwvrca.sys [x] S1 yenbmchu; \??\C:\Windows\system32\drivers\yenbmchu.sys [x] S1 yfabucqn; \??\C:\Windows\system32\drivers\yfabucqn.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-16 10:20 - 2013-06-16 10:20 - 01920546 ____A (Farbar) C:\Users\Mike\Downloads\FRST64.exe 2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST 2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 
14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 21:24 - 2013-06-16 03:18 - 00000000 ____D C:\Users\Mike\Tracing 2013-06-15 21:24 - 2013-06-16 03:17 - 00000000 ____D C:\Windows\SysWOW64\WNLT 2013-06-15 21:24 - 2013-06-15 21:25 - 00000000 ____D C:\Program Files (x86)\SweetIM 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\ProgramData\SweetIM 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files (x86)\FilesFrog Update Checker 2013-06-15 21:24 - 2013-05-16 14:32 - 01277744 ____A C:\Windows\System32\dmwu.exe 2013-06-15 21:24 - 2013-05-16 14:31 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll 2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat 2013-06-14 20:56 - 2013-06-15 08:45 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-14 20:56 - 2013-06-14 20:56 - 00726464 ____A (Enigma Software Group USA, LLC.) 
C:\Users\Mike\Downloads\SpyHunter-Installer.exe 2013-06-12 18:10 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 18:10 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 18:10 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) 
C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 18:10 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 11:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 11:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 11:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-05 11:47 - 2013-06-05 11:47 - 00161657 ____A C:\Users\Mike\Downloads\RebellionOnlyGerman.zip 2013-06-05 08:04 - 
2013-06-05 08:04 - 00100714 ____A C:\Users\Mike\Downloads\star.wars.-.empire.at.war.keygen-tsrh.zip
2013-06-04 22:45 - 2013-06-04 22:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon
2013-06-04 22:45 - 2013-06-04 22:45 - 00000000 ____D C:\ProgramData\Babylon
2013-06-04 22:44 - 2013-06-16 04:44 - 00001828 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-06-04 22:44 - 2013-06-16 04:44 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-06-04 22:44 - 2013-06-16 04:44 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-06-04 22:44 - 2013-06-16 04:44 - 00001096 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-06-04 22:44 - 2013-06-04 22:44 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-06-04 22:43 - 2013-06-04 22:43 - 00000000 ____D C:\Users\Mike\AppData\Local\PutLockerDownloader
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock
2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock
2013-06-03 22:37 - 2013-06-03 22:41 - 00000000 ____D C:\ProgramData\Stardock
2013-06-03 22:28 - 2013-06-03 22:28 - 00000000 ____D C:\Users\Mike\AppData\Local\PackageAware
2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive
2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-06-01 19:53 - 2013-06-05 19:58 - 00000274 ____A C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job
2013-06-01 19:53 - 2013-06-02 08:05 - 00000290 ____A C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____D C:\Users\Mike\AppData\Roaming\dll-files.com
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar
2013-06-01 19:22 - 2013-06-01 19:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus
2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-06-01 07:57 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
2013-06-01 07:56 - 2013-06-01 07:56 - 04241280 ____A (Dll-Files.com ) C:\Users\Mike\Downloads\dffsetup-msvcp110.exe
2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13
2013-05-24 11:16 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Users\Mike\AppData\Roaming\OpenCandy
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A (Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe

==================== One Month Modified Files and Folders =======

2013-06-16 10:20 - 2013-06-16 10:20 - 01920546 ____A (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST
2013-06-16 10:17 - 2010-11-05 12:46 - 00000000 ____D C:\Users\Mike\Desktop\JDownloader
2013-06-16 10:10 - 2012-04-23 08:36 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 09:47 - 2011-08-07 21:01 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 07:29 - 2010-05-26 07:15 - 02097100 ____A C:\Windows\WindowsUpdate.log
2013-06-16 04:44 - 2013-06-04 22:44 - 00001828 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-06-16 04:44 - 2013-06-04 22:44 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-06-16 04:44 - 2013-06-04 22:44 - 00001192 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-06-16 04:44 - 2013-06-04 22:44 - 00001096 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-06-16 03:25 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 03:25 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 03:18 - 2013-06-15 21:24 - 00000000 ____D C:\Users\Mike\Tracing
2013-06-16 03:18 - 2013-02-13 22:40 - 00000040 ___SH C:\ProgramData\.zreglib
2013-06-16 03:18 - 2011-08-07 21:01 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 03:17 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-06-16 03:17 - 2011-07-10 13:18 - 00057142 ____A C:\Windows\PFRO.log
2013-06-16 03:17 - 2011-07-06 08:43 - 00057045 ____A C:\Windows\setupact.log
2013-06-16 03:17 - 2010-05-26 07:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-16 03:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 23:09 - 2010-11-05 14:05 - 00000000 ____D C:\Users\Mike\Documents\Outlook-Dateien
2013-06-15 21:25 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\ProgramData\SweetIM
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files (x86)\FilesFrog Update Checker
2013-06-15 21:24 - 2013-05-24 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 21:24 - 2011-05-21 19:01 - 00000000 ____D C:\Users\Mike\AppData\Roaming\ICQ
2013-06-15 21:24 - 2010-11-05 12:22 - 00000000 ____D C:\users\Mike
2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe
2013-06-15 08:45 - 2013-06-14 20:56 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-14 21:01 - 2010-11-05 13:11 - 00000000 ____D C:\Users\Mike\Desktop\Michi
2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat
2013-06-14 20:56 - 2013-06-14 20:56 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Mike\Downloads\SpyHunter-Installer.exe
2013-06-13 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 18:11 - 2011-06-30 19:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 14:10 - 2012-04-23 08:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 14:10 - 2012-02-02 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 15:41 - 2011-07-02 09:29 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-06-08 23:46 - 2011-02-26 15:10 - 00000000 ____D C:\Users\Mike\Desktop\PS3 Jailbreak
2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-08 21:40 - 2010-05-26 16:56 - 00700342 ____A C:\Windows\System32\perfh007.dat
2013-06-08 21:40 - 2010-05-26 16:56 - 00149138 ____A C:\Windows\System32\perfc007.dat
2013-06-08 21:40 - 2009-07-14 07:13 - 01621940 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 19:58 - 2013-06-01 19:53 - 00000274 ____A C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job
2013-06-05 11:47 - 2013-06-05 11:47 - 00161657 ____A C:\Users\Mike\Downloads\RebellionOnlyGerman.zip
2013-06-05 11:45 - 2011-06-18 17:24 - 00000000 ____D C:\Users\Mike\Documents\My Games
2013-06-05 11:40 - 2011-09-27 22:44 - 00000000 ____D C:\Users\Mike\Desktop\Spiele
2013-06-05 08:24 - 2010-05-22 08:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-05 08:09 - 2011-08-21 13:39 - 01024634 ____A C:\Windows\DirectX.log
2013-06-05 08:04 - 2013-06-05 08:04 - 00100714 ____A C:\Users\Mike\Downloads\star.wars.-.empire.at.war.keygen-tsrh.zip
2013-06-04 22:45 - 2013-06-04 22:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Babylon
2013-06-04 22:45 - 2013-06-04 22:45 - 00000000 ____D C:\ProgramData\Babylon
2013-06-04 22:44 - 2013-06-04 22:44 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.2
2013-06-04 22:43 - 2013-06-04 22:43 - 00000000 ____D C:\Users\Mike\AppData\Local\PutLockerDownloader
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock
2013-06-03 22:41 - 2013-06-03 22:37 - 00000000 ____D C:\ProgramData\Stardock
2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock
2013-06-03 22:28 - 2013-06-03 22:28 - 00000000 ____D C:\Users\Mike\AppData\Local\PackageAware
2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive
2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-06-02 08:05 - 2013-06-01 19:53 - 00000290 ____A C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____D C:\Users\Mike\AppData\Roaming\dll-files.com
2013-06-01 19:53 - 2013-06-01 19:53 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar
2013-06-01 19:31 - 2013-06-01 19:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus
2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-06-01 08:12 - 2013-04-10 10:47 - 00000000 ____D C:\ProgramData\Steam
2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-06-01 07:56 - 2013-06-01 07:56 - 04241280 ____A (Dll-Files.com ) C:\Users\Mike\Downloads\dffsetup-msvcp110.exe
2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-30 07:55 - 2012-03-29 13:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Kalypso Media
2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13
2013-05-26 16:50 - 2011-07-30 08:51 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Winamp
2013-05-25 11:39 - 2010-11-06 12:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-25 11:12 - 2012-04-27 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Users\Mike\AppData\Roaming\OpenCandy
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A (Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe
2013-05-18 19:24 - 2012-12-22 09:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-17 03:25 - 2013-06-12 18:10 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 03:25 - 2013-06-12 18:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 02:59 - 2013-06-12 18:10 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 02:59 - 2013-06-12 18:10 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 02:58 - 2013-06-12 18:10 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 02:58 - 2013-06-12 18:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 11:25

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Mike at 2013-06-16 10:21:43
Run:
Running from C:\Users\Mike\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
AAVUpdateManager (Version: 12.00.0000)
ABBYY PDF Transformer 3.0 (Version: 3.00.145.7091)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.4 MUI (Version: 9.5.4)
Advertising Center (Version: 0.0.0.2)
Age of Empire 2 HD Edition GERMAN (c) Microsoft version 1 (Version: 1)
ANNO 2070 - Complete Edition (Version: 2.00.7780)
AnyDVD (Version: 7.1.5.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Avidemux 2.5 (32-bit) (Version: 2.5.6.7716)
Avira Free Antivirus (Version: 13.0.0.3640)
B209a-m (Version: 140.0.690.000)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bing Bar (Version: 7.0.834.0)
Blasterball 3 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Brockhaus multimedial 2010 (Version: 12.00.0000)
BufferChm (Version: 140.0.212.000)
Build-a-lot 2 (Version: 2.2.0.82)
CCleaner (Version: 3.08)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82)
ClipGrab 3.2.0.10
Command & Conquer™ Alarmstufe Rot 3 (Version: 1.0.1.0)
CyberLink PowerDVD 9 (Version: 9.0.2610.50)
DAEMON Tools Lite (Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Die Siedler III Gold Edition
Dll-Files.com Fixer (Version: 1.0)
Driver Mender (Version: 8.0.1)
Duke Nukem Forever Version 1.0.0.0 (Version: 1.0.0.0)
DUNGEONS Game of the Year edition (Version: 1.3.1.0)
eBay Worldwide (Version: 2.1.0901)
eMachines Game Console
eMachines Games (Version: 1.0.0.80)
eMachines Recovery Management (Version: 4.05.3007)
eMachines Registration (Version: 1.02.3006)
eMachines ScreenSaver (Version: 1.1.0812)
eMachines Updater (Version: 1.02.3001)
Escape Rosecliff Island (Version: 2.2.0.82)
ESET Online Scanner v3
EVEREST Home Edition v2.20 (Version: 2.20)
Faerie Solitaire (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
FilesFrog Update Checker
FileZilla Client 3.5.3 (Version: 3.5.3)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 140.0.211.000)
GTA2
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
Hotkey Utility (Version: 2.05.3003)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Print 1.1.5.0 (Version: 1.1.5.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ICQ7.5 (Version: 7.5)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
Imperium Galactica 2
Insaniquarium Deluxe (Version: 2.2.0.82)
iTunes (Version: 10.6.1.7)
Jagged Alliance: Back in Action (Version: 1.0)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
JDownloader
Jewel Quest (Version: 2.2.0.82)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
Mahjongg Artifacts (Version: 2.2.0.82)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
MobileMe Control Panel (Version: 3.1.4.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NCIS Game (Version: 1.0.0.0)
Nero 12 (Version: 12.0.02000)
Nero 9 Essentials
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp (Version: 12.0.2001)
Nero BackItUp Help (CHM) (Version: 12.0.3000)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Blu-ray Player (Version: 12.0.14300)
Nero Blu-ray Player Help (CHM) (Version: 12.0.4000)
Nero Burning ROM (Version: 12.0.20000)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero ControlCenter (Version: 11.0.15200)
Nero ControlCenter (Version: 9.0.0.1)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.18100)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Effects Basic (Version: 12.0.11500)
Nero Express (Version: 12.0.20000)
Nero Express Help (CHM) (Version: 12.0.5000)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Kwik Media (Version: 1.18.18200)
Nero Kwik Media Help (CHM) (Version: 12.0.4000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero Online Upgrade (Version: 1.3.0.0)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode (Version: 12.0.24000)
Nero Recode Help (CHM) (Version: 12.0.4000)
Nero RescueAgent (Version: 12.0.9000)
Nero RescueAgent Help (CHM) (Version: 12.0.3000)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.15.0.100)
Nero Update (Version: 11.0.11800.31.0)
Nero Video (Version: 12.0.3000)
Nero Video Help (CHM) (Version: 12.0.4000)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Online Backup (Version: 1.2.0.36)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenAL
Pegtop PMeter
Penguins! (Version: 2.2.0.82)
Plus-HD-2.2 (Version: 1.27.153.3)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Polar Pool (Version: 2.2.0.82)
Prerequisite installer (Version: 12.0.0002)
PS_AIO_06_B209a-m_SW_Min (Version: 140.0.690.000)
PS3 Media Server (Version: 1.25.1)
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.69.80.9)
QuickTransfer (Version: 140.0.98.000)
Realtek High Definition Audio Driver (Version: 6.0.1.5972)
Safari (Version: 5.33.18.5)
Scan (Version: 140.0.80.000)
SF-Visitenkarte 11.00 (Version: 11.00.000)
Shop for HP Supplies (Version: 14.0)
Siedler3
Sins of a Solar Empire Rebellion (c) Stardock version 1 (Version: 1)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Star Trek Armada II
StarCraft II (Version: 1.0.0.16117)
Status (Version: 140.0.212.000)
Steuer-Spar-Erklärung 2010 (Version: 15.03)
StreamTransport version: 1.0.2.2171
Stronghold 2 (Version: 1.10)
Supreme Commander 2
SweetIM Bundle by SweetPacks (Version: 1.0.0.0)
SweetIM for Messenger 3.7 (Version: 3.7.0007)
SweetPacks Toolbar For Firefox 1.13.0.0 (Version: 1.13.0.0)
SweetPacks Updater (Version: 4.0.1.0)
Tom Clancy's EndWar (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Ubisoft Game Launcher (Version: 1.0.0.0)
Uninstall 1.0.0.1
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Families (Version: 2.2.0.82)
VIRTUAL RC RACING DEMO (Version: 3.2.0.0)
Virtual Villagers - A New Home (Version: 2.2.0.82)
VLC media player 1.1.2 (Version: 1.1.2)
Warcraft III
Wargame AirLand Battle (c) Focus Home Interactive version RLD! (Version: RLD!)
WBFS Manager 3.0 (Version: 3.0)
WebReg (Version: 140.0.212.017)
Welcome App (Start-up experience) (Version: 12.0.14000)
Welcome Center (Version: 1.00.3013)
Winamp (Version: 5.621 )
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR
Yahtzee (Version: 2.2.0.82)
Zuma Deluxe (Version: 2.2.0.82)

==================== Restore Points =========================

05-06-2013 06:07:04 Installiert Star Wars Empire at War
05-06-2013 06:16:54 Installed Star Wars Empire at War Forces of Corruption
05-06-2013 06:23:45 Entfernt Star Wars Empire at War
05-06-2013 06:24:24 Removed Star Wars(TM): Empire at War(TM): Forces of Corruption(TA&H*
06-06-2013 19:22:05 DLL-Files.com Fixer Do, Jun 06, 13 21:22
09-06-2013 07:52:06 DLL-Files.com Fixer So, Jun 09, 13 09:52
11-06-2013 08:27:17 Windows Update
12-06-2013 16:09:34 Windows Update
14-06-2013 18:56:55 Installed SpyHunter
15-06-2013 06:44:53 Removed SpyHunter
16-06-2013 01:00:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2013 00:40:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/16/2013 00:40:04 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/16/2013 00:39:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2013 00:39:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" in Zeile SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". Definition: SMC,processorArchitecture="x86",type="win32",version="12.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/15/2013 09:25:40 PM) (Source: Application Hang) (User: )
Description: Programm ICQ.exe, Version 7.5.0.5259 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 548
Startzeit: 01ce69fdfafff57a
Endzeit: 10
Anwendungspfad: C:\Program Files (x86)\ICQ7.5\ICQ.exe
Berichts-ID:

Error: (06/15/2013 00:33:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/15/2013 00:33:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/15/2013 00:32:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2013 00:32:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Fehler in Manifest- oder Richtliniendatei "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" in Zeile SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". Definition: SMC,processorArchitecture="x86",type="win32",version="12.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/13/2013 11:28:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (06/16/2013 03:20:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/16/2013 03:20:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/16/2013 03:19:06 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/15/2013 08:14:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/15/2013 08:14:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/15/2013 08:13:19 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/15/2013 10:36:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/15/2013 10:36:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/15/2013 10:35:08 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/14/2013 08:56:30 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions: ========================= Error: (06/16/2013 00:40:16 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (06/16/2013 00:40:04 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (06/16/2013 00:39:28 AM) (Source: SideBySide)(User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (06/16/2013 00:39:15 AM) (Source: SideBySide)(User: ) Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3 Error: (06/15/2013 09:25:40 PM) (Source: Application Hang)(User: ) Description: ICQ.exe7.5.0.525954801ce69fdfafff57a10C:\Program Files (x86)\ICQ7.5\ICQ.exe Error: (06/15/2013 00:33:36 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (06/15/2013 00:33:22 AM) (Source: SideBySide)(User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (06/15/2013 00:32:40 AM) (Source: SideBySide)(User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (06/15/2013 00:32:28 AM) (Source: SideBySide)(User: ) Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3 Error: (06/13/2013 11:28:13 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2011-06-06 19:21:07.003 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Mike\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-06-06 19:21:06.987 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Mike\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-06-06 19:21:06.488 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-06-06 19:21:06.457 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 4095.24 MB
Available physical RAM: 2230.95 MB
Total Pagefile: 11093.43 MB
Available Pagefile: 9059.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:908.41 GB) (Free:703.15 GB) NTFS (Disk=0 Partition=3)
Drive e: (Elements) (Fixed) (Total:1863.01 GB) (Free:941.64 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1A6F95E5)
Partition 1: (Not Active) - (Size=23 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=908 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000575BA)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
==================== End Of Log ============================ |
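A note on the partition table at the end of that log, as an added example that is not part of the post or of FRST: the size of disk 1, partition 1 is printed as -198627557376, which looks alarming next to a 1863 GB disk. Reading that number as 512-byte sectors counted in a signed 32-bit field and undoing the wrap gives 1863.01 GiB, exactly the total FRST prints for drive e:, so the arithmetic supports treating it as a display artifact of the tool (any partition above 2^31 sectors, i.e. 1 TiB, would wrap the same way) rather than as a tampered partition entry. That reading is my assumption; the script below parses the block as pasted, decodes the type bytes (0x27 is the hidden OEM recovery / Windows RE partition type), undoes the wrap and runs the sanity checks a helper would want (one active partition per disk, partitions that fit the disk).

```python
"""Decode the 'MBR & Partition Table' block at the end of an FRST log.

Added example, not code from FRST or from the poster.  SAMPLE is copied
from the log above.  Treating 'Size=-198627557376' as a sector count that
wrapped in a signed 32-bit field is an assumption; it is checked by undoing
the wrap and comparing with the 1863.01 GB FRST prints for drive e:.
"""
import re

SECTOR = 512
UINT32 = 1 << 32
UNITS = {"B": 1, "MB": 1 << 20, "GB": 1 << 30, "TB": 1 << 40}  # FRST's GB is GiB

# MBR partition type bytes seen in the log (well-known values)
PARTITION_TYPES = {0x07: "NTFS / exFAT",
                   0x27: "hidden NTFS (OEM recovery / Windows RE)"}

DISK_RE = re.compile(r"Disk:\s*(\d+)\s*\(MBR Code:\s*([^)]*)\)\s*\(Size:\s*([^)]*)\)"
                     r"\s*\(Disk ID:\s*([0-9A-Fa-f]+)\)")
PART_RE = re.compile(r"Partition\s*(\d+):\s*\((Active|Not Active)\)\s*-\s*\(Size=([^)]*)\)"
                     r"\s*-\s*\(Type=([0-9A-Fa-f]{2})[^)]*\)")

SAMPLE = """\
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1A6F95E5)
Partition 1: (Not Active) - (Size=23 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=908 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000575BA)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
"""


def parse_size(text):
    """Return (bytes, note).  A bare negative number is a byte count built
    from a sector count that overflowed a signed 32-bit field: add 2**32
    sectors to undo the wrap (any partition above 2**31 sectors = 1 TiB)."""
    m = re.fullmatch(r"(-?\d+(?:\.\d+)?)\s*(MB|GB|TB)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    value, unit = float(m.group(1)), m.group(2) or "B"
    if unit == "B" and value < 0:
        raw = int(value)
        if raw % SECTOR:
            raise ValueError(f"{raw} is not a whole number of sectors")
        sectors = raw // SECTOR + UINT32
        return sectors * SECTOR, "size wrapped (signed 32-bit sector count); recovered"
    return int(value * UNITS[unit]), ""


def parse_partition_table(text):
    """Parse Disk:/Partition: lines into a list of disk dicts."""
    disks = []
    for line in text.splitlines():
        if m := DISK_RE.search(line):
            disks.append({"disk": int(m.group(1)), "mbr_code": m.group(2).strip(),
                          "size_bytes": parse_size(m.group(3))[0],
                          "disk_id": m.group(4), "partitions": []})
        elif (m := PART_RE.search(line)) and disks:
            size, note = parse_size(m.group(3))
            code = int(m.group(4), 16)
            disks[-1]["partitions"].append({
                "index": int(m.group(1)), "active": m.group(2) == "Active",
                "bytes": size, "note": note, "type_code": code,
                "type": PARTITION_TYPES.get(code, f"type 0x{code:02x}")})
    return disks


def gib(n):
    return round(n / (1 << 30), 2)


def checks(disks):
    """What a helper would want confirmed: at most one active (boot)
    partition per disk, partitions that fit the disk, wrapped sizes."""
    out = []
    for d in disks:
        active = [p["index"] for p in d["partitions"] if p["active"]]
        if len(active) > 1:
            out.append(f"disk {d['disk']}: {len(active)} active partitions")
        used = sum(p["bytes"] for p in d["partitions"])
        if used > d["size_bytes"] * 1.01:     # 1% slack: FRST rounds the disk size
            out.append(f"disk {d['disk']}: partitions exceed disk ({gib(used)} > {gib(d['size_bytes'])} GiB)")
        for p in d["partitions"]:
            if p["note"]:
                out.append(f"disk {d['disk']} partition {p['index']}: {p['note']} as {gib(p['bytes'])} GiB")
    return out


if __name__ == "__main__":
    table = parse_partition_table(SAMPLE)
    for d in table:
        print(f"disk {d['disk']} [{d['mbr_code']}] {gib(d['size_bytes'])} GiB")
        for p in d["partitions"]:
            print(f"  {'*' if p['active'] else ' '} partition {p['index']}: "
                  f"{gib(p['bytes'])} GiB  {p['type']}  {p['note']}")
    for c in checks(table):
        print("check:", c)
```

The only check that fires on this log is the wrapped size on disk 1, recovered as 1863.01 GiB; disk 0 has one active partition (the 100 MB system partition) and its three partitions add up to the 932 GB disk. Had the numbers not matched, the negative size would have deserved a closer look at the MBR rather than being explained away.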
16.06.2013, 09:44 | #4 | |
/// the machine /// TB-Ausbilder | Deal Finder caught and possibly other pests too
Combofix must only be run when a team member has told you to!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - save Combofix to your desktop
When Combofix has finished it will create a logfile. Please post the C:\Combofix.txt in your next reply. Note: if you get the following error message after the reboot Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
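Once the C:\Combofix.txt is posted, the helper reads its autostart section for a handful of patterns before anything else. The script below is an added example for this thread, not part of schrauber's instructions and not code from ComboFix; it does that first pass mechanically over a constructed sample written in ComboFix's layout. It flags weakened UAC and AppInit policy values, clusters of kernel drivers with random eight-letter names, browser helper objects whose CLSID is a hand-typed pattern rather than a generated GUID, and Run entries, scheduled tasks and browser settings that point at adware names. PUP_MARKERS is a name list I chose for the example (an assumption, not a ComboFix signature set), the thresholds are heuristics, and the reading of the service lines (R/S for running/stopped, then the start type digit, then name;display name;image path) follows ComboFix's line layout.

```python
"""First-pass triage of the autostart section of a ComboFix log.

Added example for this thread, not code from ComboFix or from the helper.
SAMPLE is constructed in ComboFix's layout.  PUP_MARKERS is a name list I
chose (an assumption, not a ComboFix signature set), and the thresholds
for 'random driver name' and 'pattern CLSID' are heuristics.
"""
import re
from collections import Counter

PUP_MARKERS = ("plus-hd", "sweetim", "sweetpacks", "babylon", "delta",
               "filesfrog", "dll-files", "opencandy")
# registry value -> (setting that weakens the machine, what it means)
POLICY_WEAK = {"EnableLUA": (0, "UAC disabled"),
               "ConsentPromptBehaviorAdmin": (0, "admins elevate without a prompt"),
               "PromptOnSecureDesktop": (0, "UAC prompt not on the secure desktop"),
               "LoadAppInit_DLLs": (1, "AppInit_DLLs injection enabled")}

POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
# ComboFix service line: R/S (running/stopped) + start type, then name;display;image;...
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);([^;]*);([^;]+);')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(.+?\.job)(?:\s+-\s+(.+?)\s+\[.*)?$', re.I)
TASK_TARGET_RE = re.compile(r'^-\s+(.+?)\s+\[')
BHO_RE = re.compile(r'Browser Helper Objects\\\{([0-9A-Fa-f-]{36})\}\]')
IMAGE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$')
RANDOM_NAME_RE = re.compile(r'[a-z]{8}')
BROWSER_PREFIXES = ("uStart Page", "mStart Page", "FF - prefs.js", "FF - user.js")

SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}]
2013-06-04 20:44 743272 ----a-w- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 awcznrnp;awcznrnp;c:\windows\system32\drivers\awcznrnp.sys;c:\windows\SYSNATIVE\drivers\awcznrnp.sys [x]
R1 axdxfucm;axdxfucm;c:\windows\system32\drivers\axdxfucm.sys;c:\windows\SYSNATIVE\drivers\axdxfucm.sys [x]
R1 bwddvlip;bwddvlip;c:\windows\system32\drivers\bwddvlip.sys;c:\windows\SYSNATIVE\drivers\bwddvlip.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 10:35]
2013-06-16 c:\windows\Tasks\Plus-HD-2.2-updater.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-04 20:44]
.
uStart Page = hxxp://search.babylon.com/?affID=119781&tt=gc_&babsrc=HP_ss_din2g
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
"""


def pup_hit(text):
    low = text.lower()
    return next((m for m in PUP_MARKERS if m in low), None)


def triage(log_text):
    findings, random_drivers = [], []
    clsid = task = None                  # context carried over from the previous line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if clsid and (m := IMAGE_RE.match(line)) and (hit := pup_hit(m.group(1))):
            findings.append(f"bho: {{{clsid}}} loads {m.group(1)} ({hit})")
        if task and (m := TASK_TARGET_RE.match(line)) and (hit := pup_hit(m.group(1))):
            findings.append(f"task: {task} -> {m.group(1)} ({hit})")
        clsid = task = None
        if m := BHO_RE.search(line):
            clsid = m.group(1)
            # a generated GUID has 32 near-random hex digits; 20+ identical ones is hand-typed
            if Counter(clsid.replace("-", "").lower()).most_common(1)[0][1] >= 20:
                findings.append(f"bho: {{{clsid}}} is a pattern CLSID, not a generated one")
        elif (m := POLICY_RE.match(line)) and m.group(1) in POLICY_WEAK:
            weak, meaning = POLICY_WEAK[m.group(1)]
            if int(m.group(2)) == weak:
                findings.append(f"policy: {m.group(1)}={m.group(2)} ({meaning})")
        elif m := SERVICE_RE.match(line):
            name, display, image = m.groups()
            # mass-created drivers: 8 random letters, display name == service name == file stem
            if name == display and RANDOM_NAME_RE.fullmatch(name) and image.lower().endswith(f"\\{name}.sys"):
                random_drivers.append(name)
        elif m := RUN_RE.match(line):
            if hit := pup_hit(m.group(2)):
                findings.append(f"run: {m.group(1)} -> {m.group(2)} ({hit})")
        elif m := TASK_RE.match(line):
            if m.group(2) is None:
                task = m.group(1)        # ComboFix prints the target on the next '- ' line
            elif hit := pup_hit(m.group(2)):
                findings.append(f"task: {m.group(1)} -> {m.group(2)} ({hit})")
        elif line.startswith(BROWSER_PREFIXES) and (hit := pup_hit(line)):
            findings.append(f"browser: {line} ({hit})")
    if len(random_drivers) >= 3:         # one odd name happens; a cluster does not
        findings.append(f"drivers: {len(random_drivers)} kernel drivers with random "
                        f"8-letter names: {', '.join(random_drivers)}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The output is a starting point for the reading a helper does by hand, not a verdict: an eight-letter driver name is only interesting in a cluster, and the `[x]` marker at the end of a service line is deliberately ignored, since in logs like the one in this thread it also appears on legitimate entries (the Avira scheduler, the .NET NGEN service). The task parser accepts both ComboFix's two-line form (job on one line, `- target [date]` on the next) and the single-line form that forum pasting tends to produce.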
16.06.2013, 10:10 | #5 |
| Deal Finder caught and possibly other pests too Code:
ComboFix 13-06-15.01 - Mike 16.06.2013 10:59:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2167 [GMT 2:00]
run from:: c:\users\Mike\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((( Files created from 2013-05-16 to 2013-06-16 ))))))))))))))))))))))))))))))
.
.
2013-06-16 09:05 . 2013-06-16 09:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-16 09:05 . 2013-06-16 09:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-16 08:20 . 2013-06-16 08:20 -------- d-----w- C:\FRST
2013-06-16 01:21 . 2013-06-16 01:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE90855B-B2BF-4F44-914F-EE9782C3838A}\offreg.dll
2013-06-15 19:24 . 2013-06-16 01:18 -------- d-----w- c:\users\Mike\Tracing
2013-06-15 19:24 . 2013-06-15 19:25 -------- d-----w- c:\program files (x86)\SweetIM
2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\programdata\SweetIM
2013-06-15 19:24 . 2013-06-16 01:17 -------- d-----w- c:\windows\SysWow64\WNLT
2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-15 19:24 . 2013-05-16 12:32 1277744 ----a-w- c:\windows\system32\dmwu.exe
2013-06-15 19:24 . 2013-05-16 12:31 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\program files (x86)\sweetpacks bundle uninstaller
2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\program files (x86)\FilesFrog Update Checker
2013-06-14 21:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE90855B-B2BF-4F44-914F-EE9782C3838A}\mpengine.dll
2013-06-14 18:57 . 2013-06-14 18:57 -------- d-----w- c:\program files\Enigma Software Group
2013-06-14 18:56 . 2013-06-15 06:45 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-12 09:42 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:42 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 09:42 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 09:42 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 09:42 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 09:42 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 09:42 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 09:42 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 09:42 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 09:42 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 09:42 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 09:42 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 09:42 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-08 20:58 . 2013-06-08 20:58 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-06-08 20:58 . 2013-06-08 20:58 -------- d-----w- c:\windows\SysWow64\Extensions
2013-06-04 20:45 . 2013-06-04 20:45 -------- d-----w- c:\programdata\Babylon
2013-06-04 20:45 . 2013-06-04 20:45 -------- d-----w- c:\users\Mike\AppData\Roaming\Babylon
2013-06-04 20:44 . 2013-06-15 19:28 -------- d-----w- c:\programdata\Tarma Installer
2013-06-04 20:44 . 2013-06-04 20:44 -------- d-----w- c:\program files (x86)\Plus-HD-2.2
2013-06-04 20:43 . 2013-06-04 20:43 -------- d-----w- c:\users\Mike\AppData\Local\PutLockerDownloader
2013-06-03 20:41 . 2013-06-03 20:41 -------- d-----w- c:\users\Mike\AppData\Local\Stardock
2013-06-03 20:38 . 2013-06-03 20:38 -------- d-----w- c:\users\Mike\AppData\Roaming\Stardock
2013-06-03 20:37 . 2013-06-03 20:41 -------- d-----w- c:\programdata\Stardock
2013-06-03 20:28 . 2013-06-03 20:28 -------- d-----w- c:\users\Mike\AppData\Local\PackageAware
2013-06-02 18:26 . 2013-06-02 18:26 -------- d-----w- c:\users\Mike\AppData\Roaming\StarDrive
2013-06-02 18:24 . 2013-06-02 18:24 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-06-01 17:53 . 2013-06-01 17:53 -------- d-----w- c:\users\Mike\AppData\Roaming\dll-files.com
2013-06-01 17:53 . 2013-06-01 17:53 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2013-06-01 17:22 . 2013-06-01 17:31 -------- d-----w- c:\users\Mike\AppData\Roaming\Reign of Augustus
2013-06-01 06:12 . 2013-06-01 06:12 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-06-01 06:03 . 2013-06-01 06:03 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-06-01 05:57 . 2013-06-01 05:57 -------- d-----w- c:\programdata\Logs
2013-06-01 05:57 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe
2013-05-31 06:51 . 2013-05-31 06:51 -------- d-----w- c:\programdata\Package Cache
2013-05-20 08:51 . 2013-05-20 08:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-20 08:51 . 2013-05-20 08:51 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-05-20 08:51 . 2013-05-20 08:51 -------- d-----w- c:\users\Mike\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:11 . 2011-06-30 17:15 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 12:10 . 2012-04-23 06:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 12:10 .
2012-02-02 17:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-16 12:02 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-05-16 12:02 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-05-02 08:18 . 2013-05-02 08:18 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2010-11-05 10:39 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-12 14:45 . 2013-04-24 12:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 15:33 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 15:33 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 15:33 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 12:50 . 2011-07-01 17:56 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 16:52 . 2013-04-02 16:52 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-02 16:52 . 2013-04-02 16:52 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-02 16:52 . 2013-04-02 16:52 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-02 16:52 . 2013-04-02 16:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-02 16:52 . 2013-04-02 16:52 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-02 16:52 . 2013-04-02 16:52 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-02 16:52 . 2013-04-02 16:52 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-02 16:52 . 2013-04-02 16:52 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-02 16:52 . 2013-04-02 16:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-02 16:52 . 2013-04-02 16:52 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-02 16:52 . 2013-04-02 16:52 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-02 16:52 . 2013-04-02 16:52 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-02 16:52 . 2013-04-02 16:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-02 16:52 . 
2013-04-02 16:52 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-02 16:52 . 2013-04-02 16:52 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-02 16:52 . 2013-04-02 16:52 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-02 16:52 . 2013-04-02 16:52 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-02 16:52 . 2013-04-02 16:52 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-02 16:52 . 2013-04-02 16:52 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-02 16:52 . 2013-04-02 16:52 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-02 16:52 . 2013-04-02 16:52 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-02 16:52 . 2013-04-02 16:52 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-02 16:52 . 2013-04-02 16:52 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-02 16:52 . 2013-04-02 16:52 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-02 16:52 . 2013-04-02 16:52 441856 ----a-w- c:\windows\system32\html.iec 2013-04-02 16:52 . 2013-04-02 16:52 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-02 16:52 . 2013-04-02 16:52 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-02 16:52 . 2013-04-02 16:52 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-02 16:52 . 2013-04-02 16:52 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-02 16:52 . 2013-04-02 16:52 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-02 16:52 . 2013-04-02 16:52 235008 ----a-w- c:\windows\system32\url.dll 2013-04-02 16:52 . 2013-04-02 16:52 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-02 16:52 . 2013-04-02 16:52 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-02 16:52 . 2013-04-02 16:52 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-02 16:52 . 2013-04-02 16:52 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-02 16:52 . 2013-04-02 16:52 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-02 16:52 . 
2013-04-02 16:52 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-02 16:52 . 2013-04-02 16:52 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-02 16:52 . 2013-04-02 16:52 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-02 16:52 . 2013-04-02 16:52 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-02 16:52 . 2013-04-02 16:52 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-02 16:52 . 2013-04-02 16:52 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-02 16:52 . 2013-04-02 16:52 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-02 16:52 . 2013-04-02 16:52 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-02 16:52 . 2013-04-02 16:52 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-02 16:52 . 2013-04-02 16:52 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-02 16:52 . 2013-04-02 16:52 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-02 16:52 . 2013-04-02 16:52 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-02 16:52 . 2013-04-02 16:52 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-02 16:50 . 2013-04-02 16:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-04-02 16:50 . 2013-04-02 16:50 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-02 16:50 . 
2013-04-02 16:50 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-02 16:50 . 2013-04-02 16:50 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-02 16:50 . 2013-04-02 16:50 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-04-02 16:50 . 2013-04-02 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-04-02 16:50 . 2013-04-02 16:50 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-04-02 16:50 . 2013-04-02 16:50 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-04-02 16:50 . 2013-04-02 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-04-02 16:50 . 2013-04-02 16:50 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-04-02 16:50 . 2013-04-02 16:50 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-04-02 16:50 . 2013-04-02 16:50 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-04-02 16:50 . 2013-04-02 16:50 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-02 16:50 . 
2013-04-02 16:50 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-04-02 16:50 . 2013-04-02 16:50 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-02 16:50 . 2013-04-02 16:50 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-04-02 16:50 . 2013-04-02 16:50 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-02 16:50 . 2013-04-02 16:50 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-04-02 16:50 . 2013-04-02 16:50 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-04-02 16:50 . 2013-04-02 16:50 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-04-02 16:50 . 2013-04-02 16:50 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-02 16:50 . 2013-04-02 16:50 1887232 ----a-w- c:\windows\system32\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}] 2013-06-04 20:44 743272 ----a-w- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-02-11 6869080] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640] "SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 awcznrnp;awcznrnp;c:\windows\system32\drivers\awcznrnp.sys;c:\windows\SYSNATIVE\drivers\awcznrnp.sys [x] R1 axdxfucm;axdxfucm;c:\windows\system32\drivers\axdxfucm.sys;c:\windows\SYSNATIVE\drivers\axdxfucm.sys [x] R1 bwddvlip;bwddvlip;c:\windows\system32\drivers\bwddvlip.sys;c:\windows\SYSNATIVE\drivers\bwddvlip.sys [x] R1 cprquehu;cprquehu;c:\windows\system32\drivers\cprquehu.sys;c:\windows\SYSNATIVE\drivers\cprquehu.sys [x] R1 crbanlbr;crbanlbr;c:\windows\system32\drivers\crbanlbr.sys;c:\windows\SYSNATIVE\drivers\crbanlbr.sys [x] R1 dkotyvqg;dkotyvqg;c:\windows\system32\drivers\dkotyvqg.sys;c:\windows\SYSNATIVE\drivers\dkotyvqg.sys [x] R1 ecouzyth;ecouzyth;c:\windows\system32\drivers\ecouzyth.sys;c:\windows\SYSNATIVE\drivers\ecouzyth.sys [x] R1 fbnwrvkg;fbnwrvkg;c:\windows\system32\drivers\fbnwrvkg.sys;c:\windows\SYSNATIVE\drivers\fbnwrvkg.sys [x] R1 figjbkgd;figjbkgd;c:\windows\system32\drivers\figjbkgd.sys;c:\windows\SYSNATIVE\drivers\figjbkgd.sys [x] R1 fjgvtbun;fjgvtbun;c:\windows\system32\drivers\fjgvtbun.sys;c:\windows\SYSNATIVE\drivers\fjgvtbun.sys [x] R1 fumuhlah;fumuhlah;c:\windows\system32\drivers\fumuhlah.sys;c:\windows\SYSNATIVE\drivers\fumuhlah.sys [x] R1 ghulqygu;ghulqygu;c:\windows\system32\drivers\ghulqygu.sys;c:\windows\SYSNATIVE\drivers\ghulqygu.sys [x] R1 gytutppy;gytutppy;c:\windows\system32\drivers\gytutppy.sys;c:\windows\SYSNATIVE\drivers\gytutppy.sys [x] R1 hboelqic;hboelqic;c:\windows\system32\drivers\hboelqic.sys;c:\windows\SYSNATIVE\drivers\hboelqic.sys [x] R1 
hbtngzps;hbtngzps;c:\windows\system32\drivers\hbtngzps.sys;c:\windows\SYSNATIVE\drivers\hbtngzps.sys [x] R1 hmzgqbcb;hmzgqbcb;c:\windows\system32\drivers\hmzgqbcb.sys;c:\windows\SYSNATIVE\drivers\hmzgqbcb.sys [x] R1 hsalxbjm;hsalxbjm;c:\windows\system32\drivers\hsalxbjm.sys;c:\windows\SYSNATIVE\drivers\hsalxbjm.sys [x] R1 ibounzvk;ibounzvk;c:\windows\system32\drivers\ibounzvk.sys;c:\windows\SYSNATIVE\drivers\ibounzvk.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] S2 ABBYY.Licensing.PDFTransformer.Site License.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files 
(x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 12:10] . 2013-06-05 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-06-01 12:12] . 2013-06-02 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-06-01 12:12] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 10:35] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 10:35] . 2013-06-16 c:\windows\Tasks\Plus-HD-2.2-codedownloader.job - c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-06-04 20:44] . 2013-06-16 c:\windows\Tasks\Plus-HD-2.2-enabler.job - c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-06-04 20:44] . 2013-06-16 c:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job - c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-06-04 20:44] . 2013-06-16 c:\windows\Tasks\Plus-HD-2.2-updater.job - c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-04 20:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.babylon.com/?affID=119781&tt=gc_&babsrc=HP_ss_din2g&mntrId=C21B4487FCA8727B uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\ FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=6&barid={29474EC1-D5F1-11E2-91A1-4487FCA8727B}&crg=3.1010000.10039&st=23&ptr=100&q= FF - ExtSQL: 2013-06-15 21:24; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: !HIDDEN! 
2010-11-14 13:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - c21b59a50000000000004487fca8727b FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15860 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:45 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119781&tt=gc_ FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
SafeBoot-70844639.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-GTA2 - c:\program files (x86)\GTA2\uninst.isu AddRemove-Imperium Galactica 2 - c:\windows\IsUn0407.exe AddRemove-QWdlIG9mIEVtcGlyZSAyIEhEIEVkaXRpb24=_is1 - c:\program files (x86)\Age of Empire 2 HD Edition\unins000.exe AddRemove-S3 - c:\windows\IsUn0407.exe AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe AddRemove-Star Trek Armada II - c:\windows\IsUn0407.exe AddRemove-Supreme Commander 2_is1 - c:\program files (x86)\SQUARE ENIX\Supreme Commander 2\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-{4916C011-3048-456A-8F34-1A5DF90ECC2B}_is1 - c:\program files (x86)\Ubisoft\Related Designs\ANNO 2070\unins000.exe AddRemove-{5281D4DA-3802-4FAE-A941-E0CBE79BACFC}_is1 - c:\program files (x86)\2K Games\Duke Nukem Forever\unins000.exe AddRemove-{C3E3DE88-5C71-433B-917D-064ACCDC9CAD}_is1 - c:\program files (x86)\Kalypso\Jagged Alliance - Back in Action\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1557765290-4178029710-2347594186-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:18,a3,23,b4,70,4a,fa,de,24,1b,7e,6f,2d,ae,5b,56,22,e4,d4,3b,d6,ad,d7, c0,0e,79,99,c9,40,f9,81,3c,d7,08,95,85,24,fa,9f,18,0a,62,f4,f7,4e,3b,a3,45,\ "??"=hex:d6,0c,ac,78,c0,d2,0b,85,55,19,64,2e,7e,74,10,38 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-16 11:07:34 ComboFix-quarantined-files.txt 2013-06-16 09:07 . Vor Suchlauf: 12 Verzeichnis(se), 756.758.245.376 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 762.023.501.824 Bytes frei . - - End Of File - - 02A44FD5BF88FE58DAB83DE78FDAD407 A36C5E4F47E84449FF07ED3517B43A31 |
16.06.2013, 10:41 | #6
/// the machine /// TB-Ausbilder | Hi, ComboFix script
16.06.2013, 11:45 | #7
Code:
ATTFilter ComboFix 13-06-15.01 - Mike 16.06.2013 12:32:11.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2702 [GMT 2:00] ausgeführt von:: c:\users\Mike\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Mike\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_awcznrnp -------\Service_axdxfucm -------\Service_bwddvlip -------\Service_cprquehu -------\Service_crbanlbr -------\Service_dkotyvqg -------\Service_ecouzyth -------\Service_fbnwrvkg -------\Service_figjbkgd -------\Service_fjgvtbun -------\Service_fumuhlah -------\Service_ghulqygu -------\Service_gytutppy -------\Service_hboelqic -------\Service_hbtngzps -------\Service_hmzgqbcb -------\Service_hsalxbjm -------\Service_ibounzvk . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 )))))))))))))))))))))))))))))) . . 2013-06-16 10:37 . 2013-06-16 10:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-16 08:20 . 2013-06-16 08:20 -------- d-----w- C:\FRST 2013-06-15 19:24 . 2013-06-16 01:18 -------- d-----w- c:\users\Mike\Tracing 2013-06-15 19:24 . 2013-06-15 19:25 -------- d-----w- c:\program files (x86)\SweetIM 2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\programdata\SweetIM 2013-06-15 19:24 . 2013-06-16 01:17 -------- d-----w- c:\windows\SysWow64\WNLT 2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\windows\SysWow64\jmdp 2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\windows\SysWow64\ARFC 2013-06-15 19:24 . 
2013-05-16 12:32 1277744 ----a-w- c:\windows\system32\dmwu.exe 2013-06-15 19:24 . 2013-05-16 12:31 35328 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\program files (x86)\sweetpacks bundle uninstaller 2013-06-15 19:24 . 2013-06-15 19:24 -------- d-----w- c:\program files (x86)\FilesFrog Update Checker 2013-06-14 21:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE90855B-B2BF-4F44-914F-EE9782C3838A}\mpengine.dll 2013-06-14 18:57 . 2013-06-14 18:57 -------- d-----w- c:\program files\Enigma Software Group 2013-06-14 18:56 . 2013-06-15 06:45 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-12 09:42 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 09:42 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 09:42 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 09:42 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 09:42 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 09:42 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 09:42 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 09:42 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 09:42 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 09:42 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 09:42 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 09:42 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 09:42 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-08 20:58 . 2013-06-08 20:58 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-06-08 20:58 . 
2013-06-08 20:58 -------- d-----w- c:\windows\SysWow64\Extensions 2013-06-04 20:45 . 2013-06-04 20:45 -------- d-----w- c:\programdata\Babylon 2013-06-04 20:45 . 2013-06-04 20:45 -------- d-----w- c:\users\Mike\AppData\Roaming\Babylon 2013-06-04 20:44 . 2013-06-15 19:28 -------- d-----w- c:\programdata\Tarma Installer 2013-06-04 20:44 . 2013-06-04 20:44 -------- d-----w- c:\program files (x86)\Plus-HD-2.2 2013-06-04 20:43 . 2013-06-04 20:43 -------- d-----w- c:\users\Mike\AppData\Local\PutLockerDownloader 2013-06-03 20:41 . 2013-06-03 20:41 -------- d-----w- c:\users\Mike\AppData\Local\Stardock 2013-06-03 20:38 . 2013-06-03 20:38 -------- d-----w- c:\users\Mike\AppData\Roaming\Stardock 2013-06-03 20:37 . 2013-06-03 20:41 -------- d-----w- c:\programdata\Stardock 2013-06-03 20:28 . 2013-06-03 20:28 -------- d-----w- c:\users\Mike\AppData\Local\PackageAware 2013-06-02 18:26 . 2013-06-02 18:26 -------- d-----w- c:\users\Mike\AppData\Roaming\StarDrive 2013-06-02 18:24 . 2013-06-02 18:24 -------- d-----w- c:\program files (x86)\Microsoft XNA 2013-06-01 17:22 . 2013-06-01 17:31 -------- d-----w- c:\users\Mike\AppData\Roaming\Reign of Augustus 2013-06-01 06:12 . 2013-06-01 06:12 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll 2013-06-01 06:03 . 2013-06-01 06:03 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll 2013-06-01 05:57 . 2013-06-01 05:57 -------- d-----w- c:\programdata\Logs 2013-06-01 05:57 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe 2013-05-31 06:51 . 2013-05-31 06:51 -------- d-----w- c:\programdata\Package Cache 2013-05-20 08:51 . 2013-05-20 08:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-05-20 08:51 . 2013-05-20 08:51 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2013-05-20 08:51 . 2013-05-20 08:51 -------- d-----w- c:\users\Mike\AppData\Roaming\OpenCandy . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 16:11 . 
2011-06-30 17:15 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 12:10 . 2012-04-23 06:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 12:10 . 2012-02-02 17:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-16 12:02 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-05-16 12:02 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-05-02 08:18 . 2013-05-02 08:18 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2010-11-05 10:39 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-12 14:45 . 2013-04-24 12:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 15:33 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 15:33 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 15:33 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 12:50 . 2011-07-01 17:56 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 16:52 . 2013-04-02 16:52 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-02 16:52 . 2013-04-02 16:52 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-02 16:52 . 2013-04-02 16:52 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-02 16:52 . 2013-04-02 16:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-02 16:52 . 2013-04-02 16:52 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-02 16:52 . 2013-04-02 16:52 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-02 16:52 . 2013-04-02 16:52 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-02 16:52 . 2013-04-02 16:52 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-02 16:52 . 2013-04-02 16:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-02 16:52 . 2013-04-02 16:52 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-02 16:52 . 2013-04-02 16:52 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-02 16:52 . 
2013-04-02 16:52 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-02 16:52 . 2013-04-02 16:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-02 16:52 . 2013-04-02 16:52 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-02 16:52 . 2013-04-02 16:52 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-02 16:52 . 2013-04-02 16:52 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-02 16:52 . 2013-04-02 16:52 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-02 16:52 . 2013-04-02 16:52 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-02 16:52 . 2013-04-02 16:52 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-02 16:52 . 2013-04-02 16:52 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-02 16:52 . 2013-04-02 16:52 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-02 16:52 . 2013-04-02 16:52 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-02 16:52 . 2013-04-02 16:52 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-02 16:52 . 2013-04-02 16:52 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-02 16:52 . 2013-04-02 16:52 441856 ----a-w- c:\windows\system32\html.iec 2013-04-02 16:52 . 2013-04-02 16:52 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-02 16:52 . 2013-04-02 16:52 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-02 16:52 . 2013-04-02 16:52 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-02 16:52 . 2013-04-02 16:52 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-02 16:52 . 2013-04-02 16:52 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-02 16:52 . 2013-04-02 16:52 235008 ----a-w- c:\windows\system32\url.dll 2013-04-02 16:52 . 2013-04-02 16:52 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-02 16:52 . 2013-04-02 16:52 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-02 16:52 . 2013-04-02 16:52 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-02 16:52 . 
2013-04-02 16:52 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-02 16:52 . 2013-04-02 16:52 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-02 16:52 . 2013-04-02 16:52 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-02 16:52 . 2013-04-02 16:52 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-02 16:52 . 2013-04-02 16:52 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-02 16:52 . 2013-04-02 16:52 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-02 16:52 . 2013-04-02 16:52 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-02 16:52 . 2013-04-02 16:52 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-02 16:52 . 2013-04-02 16:52 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-02 16:52 . 2013-04-02 16:52 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-02 16:52 . 2013-04-02 16:52 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-02 16:52 . 2013-04-02 16:52 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-02 16:52 . 2013-04-02 16:52 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-02 16:52 . 2013-04-02 16:52 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-02 16:52 . 2013-04-02 16:52 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-02 16:50 . 2013-04-02 16:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-04-02 16:50 . 2013-04-02 16:50 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-02 16:50 . 
2013-04-02 16:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-02 16:50 . 2013-04-02 16:50 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-02 16:50 . 2013-04-02 16:50 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-04-02 16:50 . 2013-04-02 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-04-02 16:50 . 2013-04-02 16:50 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-04-02 16:50 . 2013-04-02 16:50 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-04-02 16:50 . 2013-04-02 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-04-02 16:50 . 2013-04-02 16:50 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-04-02 16:50 . 2013-04-02 16:50 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-04-02 16:50 . 2013-04-02 16:50 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-04-02 16:50 . 
2013-04-02 16:50 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-02 16:50 . 2013-04-02 16:50 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-02 16:50 . 2013-04-02 16:50 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-04-02 16:50 . 2013-04-02 16:50 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-02 16:50 . 2013-04-02 16:50 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-04-02 16:50 . 2013-04-02 16:50 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-02 16:50 . 2013-04-02 16:50 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-04-02 16:50 . 2013-04-02 16:50 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-04-02 16:50 . 2013-04-02 16:50 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-04-02 16:50 . 2013-04-02 16:50 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-02 16:50 . 2013-04-02 16:50 1887232 ----a-w- c:\windows\system32\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}] 2013-06-04 20:44 743272 ----a-w- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-02-11 6869080] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640] "SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 ikccvsfz;ikccvsfz;c:\windows\system32\drivers\ikccvsfz.sys;c:\windows\SYSNATIVE\drivers\ikccvsfz.sys [x] R1 itxxvtub;itxxvtub;c:\windows\system32\drivers\itxxvtub.sys;c:\windows\SYSNATIVE\drivers\itxxvtub.sys [x] R1 kjrqtluh;kjrqtluh;c:\windows\system32\drivers\kjrqtluh.sys;c:\windows\SYSNATIVE\drivers\kjrqtluh.sys [x] R1 kpsxboet;kpsxboet;c:\windows\system32\drivers\kpsxboet.sys;c:\windows\SYSNATIVE\drivers\kpsxboet.sys [x] R1 kspeywng;kspeywng;c:\windows\system32\drivers\kspeywng.sys;c:\windows\SYSNATIVE\drivers\kspeywng.sys [x] R1 lbzpvmqv;lbzpvmqv;c:\windows\system32\drivers\lbzpvmqv.sys;c:\windows\SYSNATIVE\drivers\lbzpvmqv.sys [x] R1 lszxvuwg;lszxvuwg;c:\windows\system32\drivers\lszxvuwg.sys;c:\windows\SYSNATIVE\drivers\lszxvuwg.sys [x] R1 mccngvek;mccngvek;c:\windows\system32\drivers\mccngvek.sys;c:\windows\SYSNATIVE\drivers\mccngvek.sys [x] R1 mdicgsjk;mdicgsjk;c:\windows\system32\drivers\mdicgsjk.sys;c:\windows\SYSNATIVE\drivers\mdicgsjk.sys [x] R1 mqixzscz;mqixzscz;c:\windows\system32\drivers\mqixzscz.sys;c:\windows\SYSNATIVE\drivers\mqixzscz.sys [x] R1 msuindag;msuindag;c:\windows\system32\drivers\msuindag.sys;c:\windows\SYSNATIVE\drivers\msuindag.sys [x] R1 niozdyml;niozdyml;c:\windows\system32\drivers\niozdyml.sys;c:\windows\SYSNATIVE\drivers\niozdyml.sys [x] R1 nyzctwrf;nyzctwrf;c:\windows\system32\drivers\nyzctwrf.sys;c:\windows\SYSNATIVE\drivers\nyzctwrf.sys [x] R1 ocjadhqv;ocjadhqv;c:\windows\system32\drivers\ocjadhqv.sys;c:\windows\SYSNATIVE\drivers\ocjadhqv.sys [x] R1 oigajvie;oigajvie;c:\windows\system32\drivers\oigajvie.sys;c:\windows\SYSNATIVE\drivers\oigajvie.sys [x] R1 oprzdfuo;oprzdfuo;c:\windows\system32\drivers\oprzdfuo.sys;c:\windows\SYSNATIVE\drivers\oprzdfuo.sys [x] R1 orwmdtfm;orwmdtfm;c:\windows\system32\drivers\orwmdtfm.sys;c:\windows\SYSNATIVE\drivers\orwmdtfm.sys [x] R1 
oxwrcqcy;oxwrcqcy;c:\windows\system32\drivers\oxwrcqcy.sys;c:\windows\SYSNATIVE\drivers\oxwrcqcy.sys [x]
R1 phfvrgwh;phfvrgwh;c:\windows\system32\drivers\phfvrgwh.sys;c:\windows\SYSNATIVE\drivers\phfvrgwh.sys [x]
R1 pjcfpant;pjcfpant;c:\windows\system32\drivers\pjcfpant.sys;c:\windows\SYSNATIVE\drivers\pjcfpant.sys [x]
R1 plhpktib;plhpktib;c:\windows\system32\drivers\plhpktib.sys;c:\windows\SYSNATIVE\drivers\plhpktib.sys [x]
R1 pqhrejwu;pqhrejwu;c:\windows\system32\drivers\pqhrejwu.sys;c:\windows\SYSNATIVE\drivers\pqhrejwu.sys [x]
R1 qetdlkmt;qetdlkmt;c:\windows\system32\drivers\qetdlkmt.sys;c:\windows\SYSNATIVE\drivers\qetdlkmt.sys [x]
R1 qfqkfabl;qfqkfabl;c:\windows\system32\drivers\qfqkfabl.sys;c:\windows\SYSNATIVE\drivers\qfqkfabl.sys [x]
R1 qnkuvvak;qnkuvvak;c:\windows\system32\drivers\qnkuvvak.sys;c:\windows\SYSNATIVE\drivers\qnkuvvak.sys [x]
R1 reolktay;reolktay;c:\windows\system32\drivers\reolktay.sys;c:\windows\SYSNATIVE\drivers\reolktay.sys [x]
R1 rgtbdpfp;rgtbdpfp;c:\windows\system32\drivers\rgtbdpfp.sys;c:\windows\SYSNATIVE\drivers\rgtbdpfp.sys [x]
R1 rhqyeazl;rhqyeazl;c:\windows\system32\drivers\rhqyeazl.sys;c:\windows\SYSNATIVE\drivers\rhqyeazl.sys [x]
R1 rmnugqgp;rmnugqgp;c:\windows\system32\drivers\rmnugqgp.sys;c:\windows\SYSNATIVE\drivers\rmnugqgp.sys [x]
R1 ruvxhgtb;ruvxhgtb;c:\windows\system32\drivers\ruvxhgtb.sys;c:\windows\SYSNATIVE\drivers\ruvxhgtb.sys [x]
R1 sanpxhga;sanpxhga;c:\windows\system32\drivers\sanpxhga.sys;c:\windows\SYSNATIVE\drivers\sanpxhga.sys [x]
R1 sbxputqo;sbxputqo;c:\windows\system32\drivers\sbxputqo.sys;c:\windows\SYSNATIVE\drivers\sbxputqo.sys [x]
R1 sgnshsat;sgnshsat;c:\windows\system32\drivers\sgnshsat.sys;c:\windows\SYSNATIVE\drivers\sgnshsat.sys [x]
R1 tvplmoni;tvplmoni;c:\windows\system32\drivers\tvplmoni.sys;c:\windows\SYSNATIVE\drivers\tvplmoni.sys [x]
R1 tyrdbefy;tyrdbefy;c:\windows\system32\drivers\tyrdbefy.sys;c:\windows\SYSNATIVE\drivers\tyrdbefy.sys [x]
R1 ucgodlmt;ucgodlmt;c:\windows\system32\drivers\ucgodlmt.sys;c:\windows\SYSNATIVE\drivers\ucgodlmt.sys [x]
R1 uedctjja;uedctjja;c:\windows\system32\drivers\uedctjja.sys;c:\windows\SYSNATIVE\drivers\uedctjja.sys [x]
R1 vahrlmxc;vahrlmxc;c:\windows\system32\drivers\vahrlmxc.sys;c:\windows\SYSNATIVE\drivers\vahrlmxc.sys [x]
R1 vcvuuzmw;vcvuuzmw;c:\windows\system32\drivers\vcvuuzmw.sys;c:\windows\SYSNATIVE\drivers\vcvuuzmw.sys [x]
R1 veaauvmh;veaauvmh;c:\windows\system32\drivers\veaauvmh.sys;c:\windows\SYSNATIVE\drivers\veaauvmh.sys [x]
R1 vetnlooa;vetnlooa;c:\windows\system32\drivers\vetnlooa.sys;c:\windows\SYSNATIVE\drivers\vetnlooa.sys [x]
R1 vnlcwopc;vnlcwopc;c:\windows\system32\drivers\vnlcwopc.sys;c:\windows\SYSNATIVE\drivers\vnlcwopc.sys [x]
R1 vtndwbsb;vtndwbsb;c:\windows\system32\drivers\vtndwbsb.sys;c:\windows\SYSNATIVE\drivers\vtndwbsb.sys [x]
R1 wdhxyita;wdhxyita;c:\windows\system32\drivers\wdhxyita.sys;c:\windows\SYSNATIVE\drivers\wdhxyita.sys [x]
R1 wqazbfjq;wqazbfjq;c:\windows\system32\drivers\wqazbfjq.sys;c:\windows\SYSNATIVE\drivers\wqazbfjq.sys [x]
R1 wukdweuw;wukdweuw;c:\windows\system32\drivers\wukdweuw.sys;c:\windows\SYSNATIVE\drivers\wukdweuw.sys [x]
R1 wwiqhkwe;wwiqhkwe;c:\windows\system32\drivers\wwiqhkwe.sys;c:\windows\SYSNATIVE\drivers\wwiqhkwe.sys [x]
R1 xkzacprj;xkzacprj;c:\windows\system32\drivers\xkzacprj.sys;c:\windows\SYSNATIVE\drivers\xkzacprj.sys [x]
R1 xsfwvrca;xsfwvrca;c:\windows\system32\drivers\xsfwvrca.sys;c:\windows\SYSNATIVE\drivers\xsfwvrca.sys [x]
R1 yenbmchu;yenbmchu;c:\windows\system32\drivers\yenbmchu.sys;c:\windows\SYSNATIVE\drivers\yenbmchu.sys [x]
R1 yfabucqn;yfabucqn;c:\windows\system32\drivers\yfabucqn.sys;c:\windows\SYSNATIVE\drivers\yfabucqn.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ	hpqcxs08 hpqddsvc
.
Contents of the "Scheduled Tasks" folder
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 12:10]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 10:35]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 10:35]
.
2013-06-16 c:\windows\Tasks\Plus-HD-2.2-codedownloader.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe [2013-06-04 20:44]
.
2013-06-16 c:\windows\Tasks\Plus-HD-2.2-enabler.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe [2013-06-04 20:44]
.
2013-06-16 c:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe [2013-06-04 20:44]
.
2013-06-16 c:\windows\Tasks\Plus-HD-2.2-updater.job
- c:\program files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe [2013-06-04 20:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=119781&tt=gc_&babsrc=HP_ss_din2g&mntrId=C21B4487FCA8727B
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=6&barid={29474EC1-D5F1-11E2-91A1-4487FCA8727B}&crg=3.1010000.10039&st=23&ptr=100&q=
FF - ExtSQL: 2013-06-15 21:24; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2010-11-14 13:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - c21b59a50000000000004487fca8727b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15860
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119781&tt=gc_
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-GTA2 - c:\program files (x86)\GTA2\uninst.isu
AddRemove-Imperium Galactica 2 - c:\windows\IsUn0407.exe
AddRemove-QWdlIG9mIEVtcGlyZSAyIEhEIEVkaXRpb24=_is1 - c:\program files (x86)\Age of Empire 2 HD Edition\unins000.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Star Trek Armada II - c:\windows\IsUn0407.exe
AddRemove-Supreme Commander 2_is1 - c:\program files (x86)\SQUARE ENIX\Supreme Commander 2\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{4916C011-3048-456A-8F34-1A5DF90ECC2B}_is1 - c:\program files (x86)\Ubisoft\Related Designs\ANNO 2070\unins000.exe
AddRemove-{5281D4DA-3802-4FAE-A941-E0CBE79BACFC}_is1 - c:\program files (x86)\2K Games\Duke Nukem Forever\unins000.exe
AddRemove-{C3E3DE88-5C71-433B-917D-064ACCDC9CAD}_is1 - c:\program files (x86)\Kalypso\Jagged Alliance - Back in Action\unins000.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1557765290-4178029710-2347594186-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,a3,23,b4,70,4a,fa,de,24,1b,7e,6f,2d,ae,5b,56,22,e4,d4,3b,d6,ad,d7,\
   c0,0e,79,99,c9,40,f9,81,3c,d7,08,95,85,24,fa,9f,18,0a,62,f4,f7,4e,3b,a3,45,\
"??"=hex:d6,0c,ac,78,c0,d2,0b,85,55,19,64,2e,7e,74,10,38
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-06-16 12:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-16 10:43
ComboFix2.txt 2013-06-16 09:07
.
Pre-Run: 17 directories, 762,151,378,944 bytes free
Post-Run: 18 directories, 761,596,067,840 bytes free
.
- - End Of File - - 68F99FFBFE97BE5CA4B6D40FB472B00D
A36C5E4F47E84449FF07ED3517B43A31 |
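The service table in the ComboFix log above lists more than thirty R1 kernel-driver registrations whose service name and display name are the same eight random-looking lowercase letters, sitting between ordinary vendor entries. The following script is an added example (not code from the page, from ComboFix or from the forum helpers) of how to pull such a block out of a dump mechanically instead of by eye. It parses the `start name;display;path;path [x]` lines, scores each name with a simple letter-shape heuristic, and then reasons at the cluster level: one random-looking name is weak evidence (a short legitimate driver name such as avkmgr trips the same test), but a cluster of identically shaped entries in which several names look random is flagged as a whole, which also catches the tame-looking members like reolktay. The vowel and consonant-run thresholds, the minimum cluster size and the sample subset are assumptions; the `[x]` marker is deliberately ignored, because this x64 dump prints it on every entry, Avira's sched.exe included, so it carries no signal here.

```python
"""Triage of the service/driver table in a ComboFix log.

Added example, not code from the page or from ComboFix. SAMPLE_LOG is a
constructed subset of the entries visible in the log above.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: six of the eight-letter R1 drivers from the log plus
# four legitimate entries from the same log (Microsoft, Avira, Realtek).
SAMPLE_LOG = r"""
R1 phfvrgwh;phfvrgwh;c:\windows\system32\drivers\phfvrgwh.sys;c:\windows\SYSNATIVE\drivers\phfvrgwh.sys [x]
R1 qnkuvvak;qnkuvvak;c:\windows\system32\drivers\qnkuvvak.sys;c:\windows\SYSNATIVE\drivers\qnkuvvak.sys [x]
R1 reolktay;reolktay;c:\windows\system32\drivers\reolktay.sys;c:\windows\SYSNATIVE\drivers\reolktay.sys [x]
R1 sgnshsat;sgnshsat;c:\windows\system32\drivers\sgnshsat.sys;c:\windows\SYSNATIVE\drivers\sgnshsat.sys [x]
R1 tvplmoni;tvplmoni;c:\windows\system32\drivers\tvplmoni.sys;c:\windows\SYSNATIVE\drivers\tvplmoni.sys [x]
R1 vetnlooa;vetnlooa;c:\windows\system32\drivers\vetnlooa.sys;c:\windows\SYSNATIVE\drivers\vetnlooa.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
"""


class Service(NamedTuple):
    start: str    # ComboFix column: R = running, S = stopped, digit = start type
    name: str
    display: str
    path: str     # lower-cased so directory comparison is case-insensitive


VOWELS = set("aeiou")


def parse_services(text: str) -> List[Service]:
    """Parse 'R1 name;display;path;path [x]' lines; other lines are ignored.
    The trailing [x] is stripped and not used: in this x64 dump every entry
    carries it, so it cannot tell orphaned registrations from live ones."""
    services = []
    for raw in text.splitlines():
        line = re.sub(r"\s*\[x\]\s*$", "", raw.strip())
        m = re.match(r"^([RS]\d)\s+(.+)$", line)
        if not m:
            continue
        fields = m.group(2).split(";")
        if len(fields) < 3:
            continue
        services.append(Service(m.group(1), fields[0], fields[1], fields[2].lower()))
    return services


def looks_random(name: str) -> bool:
    """Weak per-name evidence: lowercase letters only and either almost no
    vowels or a run of four or more consonants (assumed thresholds). Short
    legitimate names such as avkmgr trip this too; never act on one hit."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 4


def shape(svc: Service) -> Tuple[str, int, bool, str]:
    """Entries dropped by one tool share a shape: start type, name length,
    display name equal to service name, and the binary's directory."""
    directory = svc.path.rsplit("\\", 1)[0]
    return (svc.start, len(svc.name), svc.name == svc.display, directory)


def triage(text: str, min_cluster: int = 3) -> Dict[str, List[str]]:
    """'high': every member of a same-shape cluster with at least min_cluster
    random-looking names (tame members such as reolktay are flagged by
    association). 'low': random-looking names standing alone; review by hand."""
    clusters: Dict[tuple, List[Service]] = defaultdict(list)
    for svc in parse_services(text):
        if re.fullmatch(r"[a-z]+", svc.name):
            clusters[shape(svc)].append(svc)
    high: List[str] = []
    low: List[str] = []
    for members in clusters.values():
        random_names = [s.name for s in members if looks_random(s.name)]
        if len(random_names) >= min_cluster:
            high.extend(s.name for s in members)
        else:
            low.extend(random_names)
    return {"high": sorted(high), "low": sorted(low)}


if __name__ == "__main__":
    for level, names in triage(SAMPLE_LOG).items():
        print(level, ", ".join(names) or "-")
```

On the sample, all six R1 entries land in `high` (three of them only because they share the cluster with the obviously random ones), while avkmgr ends up in `low` as a single hit that a human should check against the installed Avira product before touching it. Feeding the whole ComboFix section in place of `SAMPLE_LOG` gives the full list for a removal script.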
16.06.2013, 11:52 | #8 |
/// the machine /// TB-Ausbilder | Please download AdwCleaner to your desktop.
Please shut down your protection software first to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
16.06.2013, 16:46 | #9 |
| Code:
# AdwCleaner v2.303 - Logfile created 16/06/2013 at 13:15:02
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot mode : Normal
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\searchplugins\delta.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\searchplugins\SweetIm.xml
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Folder Deleted : C:\Program Files (x86)\FilesFrog Update Checker
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\Plus-HD-2.2
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mike\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mike\AppData\LocalLow\ShopperReports3
Folder Deleted : C:\Users\Mike\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mike\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\Software\Plus-HD-2.2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\84df8bb135bd44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Key Deleted : HKLM\SOF [...]
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Mike on 16.06.2013 at 13:24:28,84 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\ci6obox7.default\invalidprefs.js Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\ci6obox7.default\prefs.js user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.backgroundjs", "\n\n/**************************************************** user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.js", "\n\n /************************************************************ user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_120.code", 
"if (typeof appAPI.internal.monetization === \" user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={ user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_78.name", "CrossriderInfo"); user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_91.code", "(function(c){if(typeof appAPI.internal.monetiza user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde user_pref("extensions.crossrider.bic", "13f12d38616b9f331c172d2cb466f3c9"); Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\ci6obox7.default\minidumps [511 files] ~~~ Event Viewer Logs were cleared 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.06.2013 at 13:27:38,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7dbfe4cb66702e4c8e3d03b9670f6320
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-09 05:31:23
# local_time=2011-07-09 07:31:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 253224 46753636 249129 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 691600 61851623 0 0
# compatibility_mode=8192 67108863 100 0 106 106 0 0
# scanned=199312
# found=3
# cleaned=3
# scan_time=10910
C:\Users\Mike\Desktop\Eigene Dateien\Nero 8\Nero-8.3.6.0 de.exe    Win32/Toolbar.AskSBar Anwendung (gelöscht - in Quarantäne kopiert)    00000000000000000000000000000000    C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[5].cab    Variante von Win32/Adware.OneStep.AI Anwendung (gelöscht - in Quarantäne kopiert)    00000000000000000000000000000000    C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[4].cab    Variante von Win32/Adware.OneStep.AI Anwendung (gelöscht - in Quarantäne kopiert)    00000000000000000000000000000000    C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7dbfe4cb66702e4c8e3d03b9670f6320
# engine=14085
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-16 02:09:21
# local_time=2013-06-16 04:09:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1799 16775165 100 96 71514 236815051 21105 0
# compatibility_mode=5893 16776573 100 94 10227 123021611 0 0
# scanned=241752
# found=0
# cleaned=0
# scan_time=9308
Thank you already for your effort! The Deal Finder is definitely gone, at least. I have to lie down for a bit now because I have to get up very early. I'll continue tomorrow. Last edited by Mike1985 (16.06.2013 at 17:22) |
16.06.2013, 18:37 | #10 |
/// the machine /// TB-Ausbilder | Caught Deal Finder and possibly other pests too A fresh FRST log is still missing
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.06.2013, 09:43 | #11 |
| Caught Deal Finder and possibly other pests too Hello schrauber. Security Check worked now. Code:
ATTFilter Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (For.)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Mike (administrator) on 17-06-2013 10:40:38 Running from C:\Users\Mike\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft) C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor) HKCU\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6869080 2013-02-11] (SlySoft, Inc.) 
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] () HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: HP Smart Print BHO - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] () R2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG) S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.) R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] () R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-16] (Duplex Secure Ltd.) 
U3 avdzazog; C:\Windows\System32\Drivers\avdzazog.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 cpuz132; \??\C:\Users\Mike\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S1 ikccvsfz; \??\C:\Windows\system32\drivers\ikccvsfz.sys [x] S1 itxxvtub; \??\C:\Windows\system32\drivers\itxxvtub.sys [x] S1 kjrqtluh; \??\C:\Windows\system32\drivers\kjrqtluh.sys [x] S1 kpsxboet; \??\C:\Windows\system32\drivers\kpsxboet.sys [x] S1 kspeywng; \??\C:\Windows\system32\drivers\kspeywng.sys [x] S1 lbzpvmqv; \??\C:\Windows\system32\drivers\lbzpvmqv.sys [x] S1 lszxvuwg; \??\C:\Windows\system32\drivers\lszxvuwg.sys [x] S1 mccngvek; \??\C:\Windows\system32\drivers\mccngvek.sys [x] S1 mdicgsjk; \??\C:\Windows\system32\drivers\mdicgsjk.sys [x] S1 mqixzscz; \??\C:\Windows\system32\drivers\mqixzscz.sys [x] S1 msuindag; \??\C:\Windows\system32\drivers\msuindag.sys [x] S1 niozdyml; \??\C:\Windows\system32\drivers\niozdyml.sys [x] S1 nyzctwrf; \??\C:\Windows\system32\drivers\nyzctwrf.sys [x] S1 ocjadhqv; \??\C:\Windows\system32\drivers\ocjadhqv.sys [x] S1 oigajvie; \??\C:\Windows\system32\drivers\oigajvie.sys [x] S1 oprzdfuo; \??\C:\Windows\system32\drivers\oprzdfuo.sys [x] S1 orwmdtfm; \??\C:\Windows\system32\drivers\orwmdtfm.sys [x] S1 oxwrcqcy; \??\C:\Windows\system32\drivers\oxwrcqcy.sys [x] S1 phfvrgwh; \??\C:\Windows\system32\drivers\phfvrgwh.sys [x] S1 pjcfpant; \??\C:\Windows\system32\drivers\pjcfpant.sys [x] S1 plhpktib; \??\C:\Windows\system32\drivers\plhpktib.sys [x] S1 pqhrejwu; \??\C:\Windows\system32\drivers\pqhrejwu.sys [x] S1 qetdlkmt; \??\C:\Windows\system32\drivers\qetdlkmt.sys [x] S1 qfqkfabl; \??\C:\Windows\system32\drivers\qfqkfabl.sys [x] S1 qnkuvvak; \??\C:\Windows\system32\drivers\qnkuvvak.sys [x] S1 reolktay; \??\C:\Windows\system32\drivers\reolktay.sys [x] S1 rgtbdpfp; \??\C:\Windows\system32\drivers\rgtbdpfp.sys [x] S1 rhqyeazl; 
\??\C:\Windows\system32\drivers\rhqyeazl.sys [x] S1 rmnugqgp; \??\C:\Windows\system32\drivers\rmnugqgp.sys [x] S1 ruvxhgtb; \??\C:\Windows\system32\drivers\ruvxhgtb.sys [x] S1 sanpxhga; \??\C:\Windows\system32\drivers\sanpxhga.sys [x] S1 sbxputqo; \??\C:\Windows\system32\drivers\sbxputqo.sys [x] S1 sgnshsat; \??\C:\Windows\system32\drivers\sgnshsat.sys [x] S1 tvplmoni; \??\C:\Windows\system32\drivers\tvplmoni.sys [x] S1 tyrdbefy; \??\C:\Windows\system32\drivers\tyrdbefy.sys [x] S1 ucgodlmt; \??\C:\Windows\system32\drivers\ucgodlmt.sys [x] S1 uedctjja; \??\C:\Windows\system32\drivers\uedctjja.sys [x] S1 vahrlmxc; \??\C:\Windows\system32\drivers\vahrlmxc.sys [x] S1 vcvuuzmw; \??\C:\Windows\system32\drivers\vcvuuzmw.sys [x] S1 veaauvmh; \??\C:\Windows\system32\drivers\veaauvmh.sys [x] S1 vetnlooa; \??\C:\Windows\system32\drivers\vetnlooa.sys [x] S1 vnlcwopc; \??\C:\Windows\system32\drivers\vnlcwopc.sys [x] S1 vtndwbsb; \??\C:\Windows\system32\drivers\vtndwbsb.sys [x] S1 wdhxyita; \??\C:\Windows\system32\drivers\wdhxyita.sys [x] S1 wqazbfjq; \??\C:\Windows\system32\drivers\wqazbfjq.sys [x] S1 wukdweuw; \??\C:\Windows\system32\drivers\wukdweuw.sys [x] S1 wwiqhkwe; \??\C:\Windows\system32\drivers\wwiqhkwe.sys [x] S1 xkzacprj; \??\C:\Windows\system32\drivers\xkzacprj.sys [x] S1 xsfwvrca; \??\C:\Windows\system32\drivers\xsfwvrca.sys [x] S1 yenbmchu; \??\C:\Windows\system32\drivers\yenbmchu.sys [x] S1 yfabucqn; \??\C:\Windows\system32\drivers\yfabucqn.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-16 18:19 - 2013-06-16 18:19 - 00890839 ____A C:\Users\Mike\Desktop\SecurityCheck.exe 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\Windows\ERUNT 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\JRT 2013-06-16 12:43 - 2013-06-16 12:43 - 00037882 ____A C:\ComboFix.txt 2013-06-16 10:58 - 2013-06-16 12:43 - 00000000 ___AD C:\Qoobox 2013-06-16 10:58 - 2011-06-26 08:45 - 
00256000 ____A C:\Windows\PEV.exe 2013-06-16 10:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-16 10:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-16 10:57 - 2013-06-16 12:37 - 00000000 ____D C:\Windows\erdnt 2013-06-16 10:20 - 2013-06-16 10:20 - 01920546 ____A (Farbar) C:\Users\Mike\Desktop\FRST64.exe 2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST 2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 21:24 - 2013-06-16 03:18 - 00000000 ____D C:\Users\Mike\Tracing 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-06-15 21:24 - 2013-05-16 14:32 - 01277744 ____A C:\Windows\System32\dmwu.exe 2013-06-15 21:24 - 2013-05-16 14:31 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll 2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat 2013-06-14 20:56 - 2013-06-15 08:45 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-12 18:10 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 18:10 - 
2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 18:10 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 18:10 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 11:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 11:42 - 2013-05-13 
05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 11:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock 2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock 2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock 2013-06-03 22:37 - 2013-06-03 22:41 - 00000000 ____D C:\ProgramData\Stardock 2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive 2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar 2013-06-01 19:22 - 2013-06-01 19:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus 2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll 2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll 2013-06-01 07:57 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe 2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache 2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13 2013-05-24 11:16 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files 
(x86)\Mozilla Firefox 2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys 2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A (Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe ==================== One Month Modified Files and Folders ======= 2013-06-17 10:27 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-17 10:27 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-17 10:20 - 2013-02-13 22:40 - 00000040 ___SH C:\ProgramData\.zreglib 2013-06-17 10:20 - 2011-08-07 21:01 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-17 10:20 - 2011-07-06 08:43 - 00057325 ____A C:\Windows\setupact.log 2013-06-17 10:20 - 2010-05-26 07:24 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-17 10:20 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-16 18:44 - 2010-05-26 07:15 - 01118760 ____A C:\Windows\WindowsUpdate.log 2013-06-16 18:19 - 2013-06-16 18:19 - 00890839 ____A C:\Users\Mike\Desktop\SecurityCheck.exe 2013-06-16 18:10 - 2012-04-23 08:36 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-16 17:47 - 2011-08-07 21:01 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\Windows\ERUNT 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\JRT 2013-06-16 13:15 - 2010-11-19 17:27 - 00000000 ____D C:\ProgramData\ICQ 2013-06-16 12:43 - 2013-06-16 12:43 - 00037882 ____A C:\ComboFix.txt 2013-06-16 12:43 - 2013-06-16 10:58 - 00000000 ___AD C:\Qoobox 2013-06-16 12:38 - 2011-07-10 13:18 - 00058240 ____A C:\Windows\PFRO.log 2013-06-16 12:38 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-06-16 
12:37 - 2013-06-16 10:57 - 00000000 ____D C:\Windows\erdnt 2013-06-16 11:19 - 2010-11-05 13:11 - 00000000 ____D C:\Users\Mike\Desktop\Michi 2013-06-16 10:20 - 2013-06-16 10:20 - 01920546 ____A (Farbar) C:\Users\Mike\Desktop\FRST64.exe 2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST 2013-06-16 10:17 - 2010-11-05 12:46 - 00000000 ____D C:\Users\Mike\Desktop\JDownloader 2013-06-16 03:18 - 2013-06-15 21:24 - 00000000 ____D C:\Users\Mike\Tracing 2013-06-15 23:09 - 2010-11-05 14:05 - 00000000 ____D C:\Users\Mike\Documents\Outlook-Dateien 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-06-15 21:24 - 2013-05-24 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-15 21:24 - 2011-05-21 19:01 - 00000000 ____D C:\Users\Mike\AppData\Roaming\ICQ 2013-06-15 21:24 - 2010-11-05 12:22 - 00000000 ____D C:\users\Mike 2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe 2013-06-15 08:45 - 2013-06-14 20:56 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat 2013-06-13 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 18:11 - 2011-06-30 19:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 14:10 - 2012-04-23 08:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 14:10 - 2012-02-02 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 15:41 - 2011-07-02 09:29 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-08 23:46 - 2011-02-26 15:10 - 00000000 ____D C:\Users\Mike\Desktop\PS3 Jailbreak 2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A 
C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-08 21:40 - 2010-05-26 16:56 - 00700342 ____A C:\Windows\System32\perfh007.dat 2013-06-08 21:40 - 2010-05-26 16:56 - 00149138 ____A C:\Windows\System32\perfc007.dat 2013-06-08 21:40 - 2009-07-14 07:13 - 01621940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-05 11:45 - 2011-06-18 17:24 - 00000000 ____D C:\Users\Mike\Documents\My Games 2013-06-05 11:40 - 2011-09-27 22:44 - 00000000 ____D C:\Users\Mike\Desktop\Spiele 2013-06-05 08:24 - 2010-05-22 
08:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-05 08:09 - 2011-08-21 13:39 - 01024634 ____A C:\Windows\DirectX.log 2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock 2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock 2013-06-03 22:41 - 2013-06-03 22:37 - 00000000 ____D C:\ProgramData\Stardock 2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock 2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive 2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar 2013-06-01 19:31 - 2013-06-01 19:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus 2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll 2013-06-01 08:12 - 2013-04-10 10:47 - 00000000 ____D C:\ProgramData\Steam 2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll 2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache 2013-05-30 07:55 - 2012-03-29 13:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Kalypso Media 2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13 2013-05-26 16:50 - 2011-07-30 08:51 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Winamp 2013-05-25 11:39 - 2010-11-06 12:47 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-05-25 11:12 - 2012-04-27 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys 2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A 
(Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe 2013-05-18 19:24 - 2012-12-22 09:48 - 00000000 ____D C:\Windows\SysWOW64\directx ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 11:25 ==================== End Of Log ============================ |
17.06.2013, 10:56 | #12 |
/// the machine /// TB-Ausbilder | Caught Deal Finder and possibly other pests as well Hi, please update Java and Adobe. Fix with FRST: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter S1 ikccvsfz; \??\C:\Windows\system32\drivers\ikccvsfz.sys [x] S1 itxxvtub; \??\C:\Windows\system32\drivers\itxxvtub.sys [x] S1 kjrqtluh; \??\C:\Windows\system32\drivers\kjrqtluh.sys [x] S1 kpsxboet; \??\C:\Windows\system32\drivers\kpsxboet.sys [x] S1 kspeywng; \??\C:\Windows\system32\drivers\kspeywng.sys [x] S1 lbzpvmqv; \??\C:\Windows\system32\drivers\lbzpvmqv.sys [x] S1 lszxvuwg; \??\C:\Windows\system32\drivers\lszxvuwg.sys [x] S1 mccngvek; \??\C:\Windows\system32\drivers\mccngvek.sys [x] S1 mdicgsjk; \??\C:\Windows\system32\drivers\mdicgsjk.sys [x] S1 mqixzscz; \??\C:\Windows\system32\drivers\mqixzscz.sys [x] S1 msuindag; \??\C:\Windows\system32\drivers\msuindag.sys [x] S1 niozdyml; \??\C:\Windows\system32\drivers\niozdyml.sys [x] S1 nyzctwrf; \??\C:\Windows\system32\drivers\nyzctwrf.sys [x] S1 ocjadhqv; \??\C:\Windows\system32\drivers\ocjadhqv.sys [x] S1 oigajvie; \??\C:\Windows\system32\drivers\oigajvie.sys [x] S1 oprzdfuo; \??\C:\Windows\system32\drivers\oprzdfuo.sys [x] S1 orwmdtfm; \??\C:\Windows\system32\drivers\orwmdtfm.sys [x] S1 oxwrcqcy; \??\C:\Windows\system32\drivers\oxwrcqcy.sys [x] S1 phfvrgwh; \??\C:\Windows\system32\drivers\phfvrgwh.sys [x] S1 pjcfpant; \??\C:\Windows\system32\drivers\pjcfpant.sys [x] S1 plhpktib; \??\C:\Windows\system32\drivers\plhpktib.sys [x] S1 pqhrejwu; \??\C:\Windows\system32\drivers\pqhrejwu.sys [x] S1 qetdlkmt; \??\C:\Windows\system32\drivers\qetdlkmt.sys [x] S1 qfqkfabl; \??\C:\Windows\system32\drivers\qfqkfabl.sys [x] S1 qnkuvvak; \??\C:\Windows\system32\drivers\qnkuvvak.sys [x] S1 reolktay; \??\C:\Windows\system32\drivers\reolktay.sys [x] S1 rgtbdpfp; \??\C:\Windows\system32\drivers\rgtbdpfp.sys [x] S1 rhqyeazl; \??\C:\Windows\system32\drivers\rhqyeazl.sys [x] S1 rmnugqgp; \??\C:\Windows\system32\drivers\rmnugqgp.sys [x] S1 ruvxhgtb; \??\C:\Windows\system32\drivers\ruvxhgtb.sys [x] S1 sanpxhga; \??\C:\Windows\system32\drivers\sanpxhga.sys [x] S1 sbxputqo; \??\C:\Windows\system32\drivers\sbxputqo.sys [x] S1 
sgnshsat; \??\C:\Windows\system32\drivers\sgnshsat.sys [x] S1 tvplmoni; \??\C:\Windows\system32\drivers\tvplmoni.sys [x] S1 tyrdbefy; \??\C:\Windows\system32\drivers\tyrdbefy.sys [x] S1 ucgodlmt; \??\C:\Windows\system32\drivers\ucgodlmt.sys [x] S1 uedctjja; \??\C:\Windows\system32\drivers\uedctjja.sys [x] S1 vahrlmxc; \??\C:\Windows\system32\drivers\vahrlmxc.sys [x] S1 vcvuuzmw; \??\C:\Windows\system32\drivers\vcvuuzmw.sys [x] S1 veaauvmh; \??\C:\Windows\system32\drivers\veaauvmh.sys [x] S1 vetnlooa; \??\C:\Windows\system32\drivers\vetnlooa.sys [x] S1 vnlcwopc; \??\C:\Windows\system32\drivers\vnlcwopc.sys [x] S1 vtndwbsb; \??\C:\Windows\system32\drivers\vtndwbsb.sys [x] S1 wdhxyita; \??\C:\Windows\system32\drivers\wdhxyita.sys [x] S1 wqazbfjq; \??\C:\Windows\system32\drivers\wqazbfjq.sys [x] S1 wukdweuw; \??\C:\Windows\system32\drivers\wukdweuw.sys [x] S1 wwiqhkwe; \??\C:\Windows\system32\drivers\wwiqhkwe.sys [x] S1 xkzacprj; \??\C:\Windows\system32\drivers\xkzacprj.sys [x] S1 xsfwvrca; \??\C:\Windows\system32\drivers\xsfwvrca.sys [x] S1 yenbmchu; \??\C:\Windows\system32\drivers\yenbmchu.sys [x] S1 yfabucqn; \??\C:\Windows\system32\drivers\yfabucqn.sys [x]
Control scan with FRST: Run a scan with FRST as described before. Only an FRST.txt will be generated. Post it to me.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
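Added example (not part of the post above or of FRST itself): a small Python parser for the service/driver lines of an FRST log that flags the pattern behind the fixlist above, registry entries whose driver file no longer exists (`[x]`) under eight-letter random names, and emits those lines verbatim as a fixlist, the way schrauber's fix does. The sample log is assembled from lines that appear in this thread; the triage rules and their wording are my own assumptions.

```python
"""Triage the service/driver lines of an FRST (Farbar Recovery Scan Tool) log.

Each line in FRST's "Services" and "Drivers" sections has the form
    <state><start type> <name>; <image path> [<size> <date>] (<publisher>)
FRST prints "[x]" instead of size/date when the image file does not exist,
i.e. the registry entry is orphaned. An FRST fixlist is simply such log lines
copied verbatim, which is what build_fixlist() reproduces.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<info>[^\]]*)\](?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# Naming pattern of the orphaned S1 entries in the fixlist above (the heuristic is
# an assumption of this example). Alone it is weak evidence: Avira's "avgntflt"
# matches too, so it only counts together with a missing publisher.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class ServiceEntry:
    raw: str            # the log line verbatim (fixlists are built from these)
    state: str          # R = running, S = stopped, U = unknown/unloaded
    start_type: int     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str           # image path with the NT "\??\" prefix removed
    size: Optional[int]
    company: Optional[str]
    file_missing: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other kind of line."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    info = m.group("info").strip()
    first = info.split()[0] if info else ""
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(
        raw=line,
        state=m.group("state"),
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        path=path,
        size=int(first) if first.isdigit() else None,
        company=m.group("company") or None,
        file_missing=(info == "x"),
    )


def findings(entry: ServiceEntry) -> List[str]:
    """Reasons an analyst would look twice at this entry (empty list = nothing)."""
    reasons = []
    if entry.file_missing:
        reasons.append("image file not found at path (orphaned service entry)")
    if RANDOM_NAME_RE.match(entry.name) and entry.company is None:
        reasons.append("random-looking eight-letter name with no publisher")
    if entry.size == 0:
        reasons.append("zero-byte image file")
    return reasons


def triage(log_lines: Iterable[str]) -> List[Tuple[ServiceEntry, List[str]]]:
    """Every service/driver entry that has at least one finding, in log order."""
    result = []
    for line in log_lines:
        entry = parse_service_line(line)
        if entry is not None:
            reasons = findings(entry)
            if reasons:
                result.append((entry, reasons))
    return result


def build_fixlist(log_lines: Iterable[str]) -> List[str]:
    """Fixlist lines: orphaned, publisher-less, random-named entries, verbatim.

    Orphaned entries of known tools (catchme, esgiguard, ...) are left out,
    just as the fixlist in the post above leaves them out.
    """
    return [
        entry.raw
        for entry, _ in triage(log_lines)
        if entry.file_missing and entry.company is None and RANDOM_NAME_RE.match(entry.name)
    ]


# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-16] (Duplex Secure Ltd.)
U3 avdzazog; C:\Windows\System32\Drivers\avdzazog.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 ikccvsfz; \??\C:\Windows\system32\drivers\ikccvsfz.sys [x]
S1 kjrqtluh; \??\C:\Windows\system32\drivers\kjrqtluh.sys [x]
""".strip().splitlines()


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.state}{entry.start_type} {entry.name:<10} {'; '.join(reasons)}")
    print("\nfixlist.txt:")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

Running it against a full FRST.txt (one line per list element) prints the suspicious entries with their reasons, followed by the two lines that would go into fixlist.txt.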
17.06.2013, 11:29 | #13 |
| Caught Deal Finder and possibly other pests as well Can I do anything wrong with the Java update? I've already heard a few things about it... I hope I've done everything right now. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2013 01 Ran by Mike at 2013-06-17 12:24:16 Run:1 Running from C:\Users\Mike\Desktop Boot Mode: Normal ============================================== ikccvsfz => Service deleted successfully. itxxvtub => Service deleted successfully. kjrqtluh => Service deleted successfully. kpsxboet => Service deleted successfully. kspeywng => Service deleted successfully. lbzpvmqv => Service deleted successfully. lszxvuwg => Service deleted successfully. mccngvek => Service deleted successfully. mdicgsjk => Service deleted successfully. mqixzscz => Service deleted successfully. msuindag => Service deleted successfully. niozdyml => Service deleted successfully. nyzctwrf => Service deleted successfully. ocjadhqv => Service deleted successfully. oigajvie => Service deleted successfully. oprzdfuo => Service deleted successfully. orwmdtfm => Service deleted successfully. oxwrcqcy => Service deleted successfully. phfvrgwh => Service deleted successfully. pjcfpant => Service deleted successfully. plhpktib => Service deleted successfully. pqhrejwu => Service deleted successfully. qetdlkmt => Service deleted successfully. qfqkfabl => Service deleted successfully. qnkuvvak => Service deleted successfully. reolktay => Service deleted successfully. rgtbdpfp => Service deleted successfully. rhqyeazl => Service deleted successfully. rmnugqgp => Service deleted successfully. ruvxhgtb => Service deleted successfully. sanpxhga => Service deleted successfully. sbxputqo => Service deleted successfully. sgnshsat => Service deleted successfully. tvplmoni => Service deleted successfully. tyrdbefy => Service deleted successfully. ucgodlmt => Service deleted successfully. uedctjja => Service deleted successfully. vahrlmxc => Service deleted successfully. vcvuuzmw => Service deleted successfully. veaauvmh => Service deleted successfully. vetnlooa => Service deleted successfully. 
vnlcwopc => Service deleted successfully. vtndwbsb => Service deleted successfully. wdhxyita => Service deleted successfully. wqazbfjq => Service deleted successfully. wukdweuw => Service deleted successfully. wwiqhkwe => Service deleted successfully. xkzacprj => Service deleted successfully. xsfwvrca => Service deleted successfully. yenbmchu => Service deleted successfully. yfabucqn => Service deleted successfully. ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01 Ran by Mike (administrator) on 17-06-2013 12:25:20 Running from C:\Users\Mike\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft) C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor) HKCU\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6869080 2013-02-11] (SlySoft, Inc.) 
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] () HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-22] () Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: HP Smart Print BHO - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ci6obox7.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] () R2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG) S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.) R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-24] () R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-01-16] (Duplex Secure Ltd.) 
U3 avdzazog; C:\Windows\System32\Drivers\avdzazog.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 cpuz132; \??\C:\Users\Mike\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-17 12:21 - 2013-06-17 12:21 - 01926844 ____A (Farbar) C:\Users\Mike\Desktop\FRST64.exe 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\Windows\ERUNT 2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\JRT 2013-06-16 12:43 - 2013-06-16 12:43 - 00037882 ____A C:\ComboFix.txt 2013-06-16 10:58 - 2013-06-16 12:43 - 00000000 ___AD C:\Qoobox 2013-06-16 10:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-16 10:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-16 10:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-16 10:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-16 10:57 - 2013-06-16 12:37 - 00000000 ____D C:\Windows\erdnt 2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST 2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 
00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 21:24 - 2013-06-16 03:18 - 00000000 ____D C:\Users\Mike\Tracing 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-06-15 21:24 - 2013-05-16 14:32 - 01277744 ____A C:\Windows\System32\dmwu.exe 2013-06-15 21:24 - 2013-05-16 14:31 - 00035328 ____A (IncrediMail, Ltd.) 
C:\Windows\System32\ImHttpComm.dll 2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat 2013-06-14 20:56 - 2013-06-15 08:45 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP 2013-06-12 18:10 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 18:10 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 18:10 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00067072 ____A (Microsoft 
Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 18:10 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 18:10 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 18:10 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 11:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 11:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 11:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 11:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 11:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A 
C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock
2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock
2013-06-03 22:37 - 2013-06-03 22:41 - 00000000 ____D C:\ProgramData\Stardock
2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive
2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar
2013-06-01 19:22 - 2013-06-01 19:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus
2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-06-01 07:57 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13
2013-05-24 11:16 - 2013-06-15 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A (Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe

==================== One Month Modified Files and Folders =======

2013-06-17 12:21 - 2013-06-17 12:21 - 01926844 ____A (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2013-06-17 12:10 - 2012-04-23 08:36 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 11:47 - 2011-08-07 21:01 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 10:53 - 2010-11-05 14:05 - 00000000 ____D C:\Users\Mike\Documents\Outlook-Dateien
2013-06-17 10:27 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 10:27 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-17 10:20 - 2013-02-13 22:40 - 00000040 ___SH C:\ProgramData\.zreglib
2013-06-17 10:20 - 2011-08-07 21:01 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-17 10:20 - 2011-07-06 08:43 - 00057325 ____A C:\Windows\setupact.log
2013-06-17 10:20 - 2010-05-26 07:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-17 10:20 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 18:44 - 2010-05-26 07:15 - 01118760 ____A C:\Windows\WindowsUpdate.log
2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\Windows\ERUNT
2013-06-16 13:24 - 2013-06-16 13:24 - 00000000 ____D C:\JRT
2013-06-16 13:15 - 2010-11-19 17:27 - 00000000 ____D C:\ProgramData\ICQ
2013-06-16 12:43 - 2013-06-16 12:43 - 00037882 ____A C:\ComboFix.txt
2013-06-16 12:43 - 2013-06-16 10:58 - 00000000 ___AD C:\Qoobox
2013-06-16 12:38 - 2011-07-10 13:18 - 00058240 ____A C:\Windows\PFRO.log
2013-06-16 12:38 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-16 12:37 - 2013-06-16 10:57 - 00000000 ____D C:\Windows\erdnt
2013-06-16 11:19 - 2010-11-05 13:11 - 00000000 ____D C:\Users\Mike\Desktop\Michi
2013-06-16 10:20 - 2013-06-16 10:20 - 00000000 ____D C:\FRST
2013-06-16 10:17 - 2010-11-05 12:46 - 00000000 ____D C:\Users\Mike\Desktop\JDownloader
2013-06-16 03:18 - 2013-06-15 21:24 - 00000000 ____D C:\Users\Mike\Tracing
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-15 21:24 - 2013-06-15 21:24 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-15 21:24 - 2013-05-24 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 21:24 - 2011-05-21 19:01 - 00000000 ____D C:\Users\Mike\AppData\Roaming\ICQ
2013-06-15 21:24 - 2010-11-05 12:22 - 00000000 ____D C:\users\Mike
2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe
2013-06-15 08:45 - 2013-06-14 20:56 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 20:57 - 2013-06-14 20:57 - 00000000 ____A C:\autoexec.bat
2013-06-13 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 18:11 - 2011-06-30 19:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 14:10 - 2012-04-23 08:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 14:10 - 2012-02-02 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 15:41 - 2011-07-02 09:29 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-06-08 23:46 - 2011-02-26 15:10 - 00000000 ____D C:\Users\Mike\Desktop\PS3 Jailbreak
2013-06-08 23:44 - 2013-06-08 23:44 - 00000172 ____A C:\Users\Mike\Downloads\4.41_Version_Spoofer_2.3_Links(1).rar
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-08 21:40 - 2010-05-26 16:56 - 00700342 ____A C:\Windows\System32\perfh007.dat
2013-06-08 21:40 - 2010-05-26 16:56 - 00149138 ____A C:\Windows\System32\perfc007.dat
2013-06-08 21:40 - 2009-07-14 07:13 - 01621940 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 11:45 - 2011-06-18 17:24 - 00000000 ____D C:\Users\Mike\Documents\My Games
2013-06-05 11:40 - 2011-09-27 22:44 - 00000000 ____D C:\Users\Mike\Desktop\Spiele
2013-06-05 08:24 - 2010-05-22 08:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-05 08:09 - 2011-08-21 13:39 - 01024634 ____A C:\Windows\DirectX.log
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Public\Documents\Stardock
2013-06-03 22:41 - 2013-06-03 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Stardock
2013-06-03 22:41 - 2013-06-03 22:37 - 00000000 ____D C:\ProgramData\Stardock
2013-06-03 22:38 - 2013-06-03 22:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Stardock
2013-06-02 20:26 - 2013-06-02 20:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\StarDrive
2013-06-02 20:24 - 2013-06-02 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-06-01 19:52 - 2013-06-01 19:52 - 03549128 ____A C:\Users\Mike\Downloads\privat.rar
2013-06-01 19:31 - 2013-06-01 19:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Reign of Augustus
2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-06-01 08:12 - 2013-04-10 10:47 - 00000000 ____D C:\ProgramData\Steam
2013-06-01 08:03 - 2013-06-01 08:03 - 00535008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-05-31 08:51 - 2013-05-31 08:51 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-30 07:55 - 2012-03-29 13:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Kalypso Media
2013-05-27 11:26 - 2013-05-27 11:26 - 00000000 ____D C:\Users\Mike\Documents\FUSSBALL MANAGER 13
2013-05-26 16:50 - 2011-07-30 08:51 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Winamp
2013-05-25 11:39 - 2010-11-06 12:47 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-25 11:12 - 2012-04-27 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-05-20 10:51 - 2013-05-20 10:51 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-05-18 19:24 - 2013-05-18 19:24 - 09304264 ____A (Wargaming.net ) C:\Users\Mike\Downloads\WoT_internet_install_eu.exe
2013-05-18 19:24 - 2012-12-22 09:48 - 00000000 ____D C:\Windows\SysWOW64\directx

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 11:25

==================== End Of Log ============================ |
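The FRST sections posted above (the one-month created/modified file lists and the "Bamital & volsnap Check" hash verdicts) are what a helper reads to spot an infection, and the reading can be automated. The following Python triage script is an added example, not part of FRST or of any post in this thread. It parses the entry format FRST prints ("timestamp - timestamp - size attributes (company) path"), tracks the section headers, and flags what a responder would look at first: non-Microsoft binaries dropped into System32/SysWOW64 (roboot64.exe from Dll-Files.com, the DAEMON Tools driver), new directories created inside the system directory (searchplugins, Extensions), hidden+system objects outside C:\Windows (.zreglib), executables with no CompanyName, and any boot-critical binary whose hash check did not come back "MD5 is legit". The sample input is a constructed excerpt assembled from lines of the log above; the wording FRST uses for a failed MD5 check is assumed to differ from "MD5 is legit", and the vendor rule is deliberately broad (no allowlist), so expect Adobe or NVIDIA binaries to show up for review as well.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log excerpts.

Added example; not part of FRST or of the forum post.  Section header text is
taken from the log in this thread; the verdict text for a *failed* MD5 check is
assumed to be anything other than "MD5 is legit".
"""
import re
from dataclasses import dataclass
from typing import Any, Iterator, List, Optional, Tuple

# One entry: "<ts1> - <ts2> - <size> <attrs> (<company>) <path>".  The company
# is absent for directories and an empty "()" when the binary's version
# resource carries no CompanyName.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+?)\s*$"
)
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
MD5_RE = re.compile(r"^(.+?) => (.+?)\s*$")

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")


@dataclass
class Entry:
    section: str
    ts_sorted: str          # first column: the timestamp the section is sorted by
    ts_other: str
    size: int
    attrs: str              # FRST attribute string, e.g. ____D, ___SH, ____A
    company: Optional[str]  # None = no version info shown, "" = empty CompanyName
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> Iterator[Tuple[str, Any]]:
    """Yield ("entry", Entry) and ("md5", (path, verdict)) in log order."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            ts1, ts2, size, attrs, company, path = m.groups()
            yield "entry", Entry(section, ts1, ts2, int(size), attrs,
                                 None if company is None else company.strip(), path)
            continue
        m = MD5_RE.match(line)
        if m and "volsnap" in section.lower():
            yield "md5", (m.group(1), m.group(2))


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, path) findings for an FRST log excerpt."""
    findings = []
    for kind, item in parse_frst(text):
        if kind == "md5":
            path, verdict = item
            if verdict != "MD5 is legit":
                findings.append(("HIGH", "boot-critical binary failed hash check: " + verdict, path))
            continue
        e = item
        low = e.path.lower()
        in_sysdir = low.startswith(SYSTEM_DIRS)
        if in_sysdir and e.is_dir and "Created" in e.section:
            findings.append(("MEDIUM", "new directory inside a Windows system directory", e.path))
        elif in_sysdir and low.endswith(BINARY_EXT) and e.company != "Microsoft Corporation":
            # No vendor allowlist here: every non-Microsoft binary in System32/SysWOW64
            # is surfaced for a human to look at.
            findings.append(("HIGH", "non-Microsoft binary in system directory (company: %r)" % e.company, e.path))
        elif "S" in e.attrs and "H" in e.attrs and not low.startswith(r"c:\windows"):
            findings.append(("MEDIUM", "hidden+system object outside the Windows directory", e.path))
        elif low.endswith(BINARY_EXT) and e.company == "":
            findings.append(("LOW", "executable with no CompanyName in its version resource", e.path))
    return findings


# Constructed excerpt: lines copied from the FRST log in this thread, placed
# under the section headers FRST prints.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-08 22:58 - 2013-06-08 22:58 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-01 08:12 - 2013-06-01 08:12 - 00875472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-06-01 07:57 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
2013-05-20 10:51 - 2013-05-20 10:51 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
==================== One Month Modified Files and Folders =======
2013-06-17 10:20 - 2013-02-13 22:40 - 00000040 ___SH C:\ProgramData\.zreglib
2013-06-15 21:23 - 2013-06-15 21:23 - 00162016 ____A () C:\Users\Mike\Downloads\7ZipSetup.exe
2013-06-12 18:11 - 2011-06-30 19:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 11:25
==================== End Of Log ============================
"""

if __name__ == "__main__":
    for sev, why, path in triage(SAMPLE_LOG):
        print("%-6s %s\n       %s" % (sev, path, why))
```

Run it against a full FRST.txt by reading the file into `triage()`; the findings come out in log order, so the "Created" section (the most recent drops) is listed first. The severity labels are a reading aid for a human, not a verdict: roboot64.exe and the DAEMON Tools driver both come out HIGH, and only the vendor name and context tell them apart.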
17.06.2013, 11:55 | #14 |
/// the machine /// TB-Ausbilder | Deal Finder caught and possibly other pests too
Uninstall old Java, install the new version
We are done
The order is crucial here.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean out your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP).
Don'ts
Note: Please give me a short reply once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
17.06.2013, 12:32 | #15 |
| Deal Finder caught and possibly other pests too Thanks a lot for everything. I would gladly repay you with a Mass of beer at the Oktoberfest. I am working through the steps right now; I think I can manage it from here, so feel free to remove me. But my Avira is always up to date, so what does it actually do to protect me, or rather why did it not protect me from this? It would also be interesting to know what I caught and how "bad" it was. Thanks again |
Topics on Deal Finder caught and possibly other pests too |
administrator, anti-malware, instruction, files, deal finder, caught, successful, deleted, malwarebytes, new, pests, programs, pup.installbrain, quarantine, service, spyhunter, remove spyhunter, starts, win32/adware.onestep.ai, win32/toolbar.asksbar