| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7-Medlung : Entfernen des Win32/Small.CA-VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.06.2013, 10:46
| #1 |
| |  Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Hallo Forum, ich habe auch ein Problem mit dem Win32/Small.CA-Virus. Auch bei mir erschien die Medlung im Wartungscentrer von Windows: "Entfernen des Win32/Small.CA-Virus von Ihrem PC Dieses Problem wurde von Win32/Small.CA verursacht, einem bekannten Computervirus." Hab jedoch gelesen, dass das auch ein Fehlalarm sein kann. Ich wüsste auch nicht, wie ich mir diesen Virus eingefangen haben könnte, da ich eigentlich immer recht vorsichtig bin und z.B. keine zweifelhaften Seiten besuche oder zweifelhafte E-mail-Anhänge öffne. Ich habe bereits die vorgeschlagenen Schritte (http://www.trojaner-board.de/137027-...-ca-virus.html) vorgenommen und Malewarebytes Anti-Rootkit Beta, AdwCleaner und Combofix laufen lassen (siehe unten). Die scheinen auch etwas gefunden zu haben. Nun ist die Frage, ob es, erstens, tatsächlich der Win32/small.ca-virus war und zweitens, ob mein Rechner jetzt sauber ist. Leider tu ich mich ziemlich schwer mit dem Lesen dieser Log-files. Wäre super, wenn ihr mir helfen könntet! Ganz ganz herzlichen Dank für eure Hilfe! Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.06.24.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 xxxx:: xxxxxx [administrator] 24.06.2013 11:41:53 mbar-log-2013-06-24 (11-41-53).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 265728 Time elapsed: 26 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Replace on reboot. HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Replace on reboot. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 24/06/2013 um 14:40:04 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxxx- xxxxxxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxxx\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\xxxx\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\xxxx\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\8m0khvc4.default\prefs.js
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\8m0khvc4.default\user.js ... Gelöscht !
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "AVG%20free%20download||theokratisch||ICQ%20Ein%20Versuch%20Ihre%20S[...]
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.11");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "124766446112476644611247752955400");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1247752957);
Gelöscht : user_pref("icqtoolbar.version", "1.1.5");
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
*************************
AdwCleaner[S1].txt - [2600 octets] - [24/06/2013 14:40:04]
########## EOF - C:\AdwCleaner[S1].txt - [2660 octets] ##########
Combofix Logfile: Code:
ATTFilter ComboFix 13-06-24.01 - xxxx 24.06.2013 15:04:30.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3990.2116 [GMT 2:00]
ausgeführt von:: c:\users\xxxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1f7e3200-2791-441e-8615-1258d84e5f61.dll
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3820d79a-0389-4fd9-b10c-00d2774e8996.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\958decf6-f105-42b7-b2b8-ecb97b06448b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\Roaming
c:\users\xxxx\g2mdlhlpx.exe
c:\windows\SysWow64\win.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-24 bis 2013-06-24 ))))))))))))))))))))))))))))))
.
.
2013-06-24 13:19 . 2013-06-24 13:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-24 13:19 . 2013-06-24 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 13:09 . 2013-06-24 13:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DE9D04-1A81-48E5-9113-094B7023576B}\offreg.dll
2013-06-24 09:41 . 2013-06-24 11:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-24 09:26 . 2013-06-24 09:26 -------- d-----w- c:\programdata\Malwarebytes
2013-06-21 07:42 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DE9D04-1A81-48E5-9113-094B7023576B}\mpengine.dll
2013-06-12 21:31 . 2013-05-17 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-12 09:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 09:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 09:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 09:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-08 22:54 . 2013-06-08 22:54 -------- d-----w- c:\users\xxxx\AppData\Local\Eraser 6
2013-06-08 03:37 . 2013-06-08 03:37 -------- d-----w- c:\program files\Eraser
2013-06-07 19:06 . 2013-06-07 18:54 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-07 19:06 . 2013-06-07 18:54 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-07 19:06 . 2013-06-07 18:54 188320 ----a-w- c:\windows\system32\java.exe
2013-06-07 18:55 . 2013-06-07 18:54 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-06 17:57 . 2013-06-24 08:11 -------- d-----w- c:\users\xxxx\AppData\Local\Google
2013-06-06 17:57 . 2013-06-24 08:11 -------- d-----w- c:\program files (x86)\Google
2013-06-06 17:57 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-06 17:57 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-06 17:57 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-06-06 17:57 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-06 17:57 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-06 17:57 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-06 17:57 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-06 17:57 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-06 17:57 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-06 17:56 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-06 17:56 . 2013-06-06 17:56 -------- d-----w- c:\program files\AVAST Software
2013-06-06 17:13 . 2013-06-06 17:56 -------- d-----w- c:\programdata\AVAST Software
2013-06-06 15:35 . 2013-06-06 15:35 -------- d-----w- c:\program files (x86)\Seagate
2013-06-06 15:34 . 2013-06-06 15:34 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-06 15:25 . 2013-06-06 15:25 31136 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 09:08 . 2012-02-10 18:24 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 15:23 . 2012-04-02 08:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:23 . 2012-01-16 03:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 18:54 . 2012-06-11 21:11 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-07 18:54 . 2012-01-16 04:01 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-17 20:07 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 12:58 . 2013-04-30 12:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 12:58 . 2013-04-30 12:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:58 . 2013-04-30 12:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:58 . 2013-04-30 12:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 12:58 . 2013-04-30 12:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 12:58 . 2013-04-30 12:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 12:58 . 2013-04-30 12:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:58 . 2013-04-30 12:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:58 . 2013-04-30 12:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 12:58 . 2013-04-30 12:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 12:58 . 2013-04-30 12:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 12:58 . 2013-04-30 12:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 12:58 . 2013-04-30 12:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 12:58 . 2013-04-30 12:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 12:58 . 2013-04-30 12:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:58 . 2013-04-30 12:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 12:58 . 2013-04-30 12:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 12:58 . 2013-04-30 12:58 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 12:58 . 2013-04-30 12:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 12:58 . 2013-04-30 12:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 12:58 . 2013-04-30 12:58 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 12:58 . 2013-04-30 12:58 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 12:58 . 2013-04-30 12:58 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 12:58 . 2013-04-30 12:58 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 12:58 . 2013-04-30 12:58 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 12:58 . 2013-04-30 12:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:58 . 2013-04-30 12:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 12:58 . 2013-04-30 12:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 12:58 . 2013-04-30 12:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 12:58 . 2013-04-30 12:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 12:58 . 2013-04-30 12:58 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 12:58 . 2013-04-30 12:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 12:58 . 2013-04-30 12:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 12:58 . 2013-04-30 12:58 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 12:58 . 2013-04-30 12:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 12:58 . 2013-04-30 12:58 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 12:58 . 2013-04-30 12:58 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 12:58 . 2013-04-30 12:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:58 . 2013-04-30 12:58 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 12:58 . 2013-04-30 12:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 12:58 . 2013-04-30 12:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 12:58 . 2013-04-30 12:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:58 . 2013-04-30 12:58 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 12:58 . 2013-04-30 12:58 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 12:58 . 2013-04-30 12:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 12:58 . 2013-04-30 12:58 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 12:58 . 2013-04-30 12:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:58 . 2013-04-30 12:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:58 . 2013-04-30 12:58 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 07:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 07:37 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 07:37 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 07:37 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-18 07:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 11:57 220632 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 11:57 220632 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 11:57 220632 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/15 22:32;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cpuz130;cpuz130;c:\users\Philipp\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Philipp\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 11:57 244696 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 11:57 244696 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 11:57 244696 ----a-w- c:\users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.faz.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{ED8AA9E1-3F58-4C73-824C-10F9990032C9}: NameServer = 131.174.117.20
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\8m0khvc4.default\
FF - prefs.js: browser.startup.homepage - hxxps://share.ru.nl/zimbra/#1|hxxp://www.gmx.net/|hxxp://dict.leo.org/
FF - ExtSQL: 2013-04-28 19:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-06 19:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1772762777-1271809145-3008419274-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\SecuROM\License information*]
"datasecu"=hex:de,49,cc,d3,01,e7,65,a5,4f,08,b3,21,de,66,86,8f,c7,0a,28,1b,0a,
cf,aa,0c,f7,1f,07,f8,4b,da,7f,33,83,3a,6f,22,4b,71,1c,2b,da,cb,74,0c,81,c2,\
"rkeysecu"=hex:f1,fb,9a,fa,d5,42,2d,4a,09,7a,48,eb,8e,f1,17,2a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-24 15:31:32
ComboFix-quarantined-files.txt 2013-06-24 13:31
.
Vor Suchlauf: 14 Verzeichnis(se), 554.453.323.776 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 553.458.212.864 Bytes frei
.
- - End Of File - - AF1E532B04E49A3C99AF7C2893822A7A
D41D8CD98F00B204E9800998ECF8427E Geändert von Da GuRu (25.06.2013 um 11:42 Uhr) |
|
25.06.2013, 12:19
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
25.06.2013, 20:22
| #3 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Vielen Dank für die Antwort! Anbei die Logfiles:
__________________FRST-log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Xxxx (administrator) on 25-06-2013 21:12:45
Running from C:\Users\Xxxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ventana Systems, Inc.) C:\Program Files (x86)\Vensim\Vensim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-22] (The Eraser Project)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9B94BCE6-B0E4-4AB1-AEDD-A827566D784C} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 194.151.228.18 194.151.228.34
Tcpip\..\Interfaces\{ED8AA9E1-3F58-4C73-824C-10F9990032C9}: [NameServer]131.174.117.20
FireFox:
========
FF ProfilePath: C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default
FF Homepage: https://share.ru.nl/|hxxp://www.gmx.net/|hxxp://dict.leo.org/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: copylinktext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinktext@brett.zamir.xpi
FF Extension: copylinkurl - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinkurl@bluelightdev.com.xpi
FF Extension: fdm_ffext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-06-06] (REALiX(tm))
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-03] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [21048 2011-10-10] (Resplendence Software Projects Sp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\Xxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-25 21:07 - 2013-06-25 21:07 - 01931854 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-24 15:42 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-06-24 15:31 - 2013-06-24 15:31 - 00035075 ____A C:\ComboFix.txt
2013-06-24 15:02 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-24 15:02 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-24 15:02 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-24 15:00 - 2013-06-24 15:32 - 00000000 ____D C:\Qoobox
2013-06-24 14:59 - 2013-06-24 15:28 - 00000000 ____D C:\Windows\erdnt
2013-06-24 14:56 - 2013-06-24 15:37 - 00000902 ____A C:\Windows\PFRO.log
2013-06-24 14:42 - 2013-06-25 20:46 - 00000392 ____A C:\Windows\setupact.log
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 11:54 - 2013-04-04 05:30 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 11:41 - 2013-06-24 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-14 11:07 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 11:07 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 11:07 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 11:07 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 11:07 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:31 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:31 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:31 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:31 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:46 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 11:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:06 - 2013-06-07 20:54 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:55 - 2013-06-07 20:54 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-06 19:57 - 2013-06-24 11:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-06 19:57 - 2013-05-09 10:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-06-06 19:57 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-06 19:13 - 2013-06-06 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
==================== One Month Modified Files and Folders =======
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-25 21:07 - 2013-06-25 21:07 - 01931854 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-25 20:51 - 2012-02-10 21:33 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Skype
2013-06-25 20:46 - 2013-06-24 14:42 - 00000392 ____A C:\Windows\setupact.log
2013-06-25 20:30 - 2012-04-02 10:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 10:48 - 2012-02-28 00:12 - 01802764 ____A C:\Windows\WindowsUpdate.log
2013-06-25 09:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-24 16:16 - 2012-02-15 11:55 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Vensim
2013-06-24 15:45 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 15:45 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 15:43 - 2013-01-26 14:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-24 15:43 - 2010-11-21 08:50 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-06-24 15:43 - 2010-11-21 08:50 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-06-24 15:43 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 15:40 - 2012-01-16 06:35 - 00000000 ____D C:\ProgramData\Sonic
2013-06-24 15:37 - 2013-06-24 14:56 - 00000902 ____A C:\Windows\PFRO.log
2013-06-24 15:37 - 2012-01-15 22:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-24 15:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 15:32 - 2013-06-24 15:00 - 00000000 ____D C:\Qoobox
2013-06-24 15:31 - 2013-06-24 15:31 - 00035075 ____A C:\ComboFix.txt
2013-06-24 15:28 - 2013-06-24 14:59 - 00000000 ____D C:\Windows\erdnt
2013-06-24 15:20 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-24 15:16 - 2012-01-22 17:11 - 00000000 ____D C:\users\Xxxx
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 14:40 - 2012-12-29 14:18 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\CheckPoint
2013-06-24 13:47 - 2013-06-24 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 12:01 - 2012-03-25 22:29 - 00000000 ____D C:\Windows\Minidump
2013-06-24 12:01 - 2011-02-11 19:13 - 00000000 ____D C:\Windows\panther
2013-06-24 12:00 - 2012-02-11 00:24 - 00000000 ____D C:\Program Files\CCleaner
2013-06-24 11:58 - 2012-02-13 00:30 - 00000000 ____D C:\Program Files\Java
2013-06-24 11:55 - 2012-02-17 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 11:54 - 2013-05-22 10:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-24 11:10 - 2012-02-12 13:31 - 00000000 ____D C:\Users\Xxxx\Desktop\Wichtig
2013-06-24 11:01 - 2013-06-06 19:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-24 10:14 - 2012-01-16 06:24 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-24 10:14 - 2012-01-16 06:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-23 17:09 - 2013-05-22 10:11 - 00000000 ____D C:\Program Files\My Dell
2013-06-23 11:32 - 2012-02-13 00:44 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-22 23:08 - 2012-02-15 14:30 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\vlc
2013-06-20 22:25 - 2012-02-19 13:54 - 00014336 ____A C:\Users\Xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 09:36 - 2011-02-11 12:22 - 01590378 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 12:37 - 2012-07-22 18:45 - 00000000 ____D C:\Users\Xxxx\Desktop\test
2013-06-14 11:08 - 2012-02-10 20:24 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:23 - 2012-04-02 10:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:23 - 2012-01-16 05:43 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 02:53 - 2012-04-25 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 16:08 - 2013-06-14 11:07 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-14 11:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 15:37 - 2012-11-14 21:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-08 14:28 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-14 11:07 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 05:53 - 2012-09-05 03:35 - 00000000 ____D C:\Users\Xxxx\Desktop\read
2013-06-08 05:41 - 2012-04-19 16:27 - 00007617 ____A C:\Users\Xxxx\AppData\Local\resmon.resmoncfg
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:11 - 2013-04-23 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-07 20:54 - 2013-06-07 21:06 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:54 - 2013-06-07 20:55 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-07 20:54 - 2012-06-11 23:11 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-07 20:54 - 2012-01-16 06:01 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-07 20:40 - 2012-01-16 06:14 - 00000000 ____D C:\ProgramData\Adobe
2013-06-07 20:39 - 2012-02-10 22:33 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Adobe
2013-06-07 11:17 - 2012-01-22 23:39 - 00000000 ____D C:\ProgramData\PCDr
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-06-06 19:13 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
2013-06-06 17:25 - 2012-03-28 22:53 - 00000000 ____D C:\Program Files\HWiNFO64
2013-06-06 13:38 - 2013-02-04 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-06 13:38 - 2012-01-16 06:18 - 00000000 ____D C:\ProgramData\Skype
2013-06-04 18:29 - 2012-01-16 06:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-04 14:26 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 22:09 - 2012-12-30 22:49 - 00012889 ___AH C:\Windows\SysWOW64\BTImages.dat
2013-05-29 17:53 - 2012-02-12 13:59 - 00000000 ___RD C:\Users\Xxxx\Desktop\Sonstiges
2013-05-27 11:44 - 2012-11-29 22:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-26 14:34 - 2012-03-14 11:24 - 00000000 ____D C:\Users\Xxxx\Desktop\Diss
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 16:36
==================== End Of Log ============================
--- --- --- Addition-log: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2013 01 Ran by Xxxx at 2013-06-25 21:13:18 Running from C:\Users\Xxxx\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 6.2.2) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) AccelerometerP11 (x32 Version: 2.00.11.22) Adobe Acrobat XI Pro (x32 Version: 11.0.03) Adobe AIR (x32 Version: 3.7.0.2090) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Advanced Audio FX Engine (x32 Version: 1.12.05) Age of Mythology - The Titans Expansion (x32) Age of Mythology (x32) Audacity 2.0.2 (x32 Version: 2.0.2) avast! Free Antivirus (x32 Version: 8.0.1489.0) Canon MP Navigator 3.0 (x32) Canon MP510 CCleaner (Version: 4.02) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495) Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7) CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418) D3DX10 (x32 Version: 15.4.2368.0902) Debugging Tools for Windows (x64) (Version: 6.11.1.404) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dell DataSafe Online (x32 Version: 2.1.19634) Dell Edoc Viewer (Version: 1.0.0) Dell Getting Started Guide (x32 Version: 1.00.0000) Dell MusicStage (x32 Version: 1.5.201.0) Dell PhotoStage (x32 Version: 1.5.0.65) Dell Stage Remote (x32 Version: 2.0.0.50) Dell VideoStage (x32 Version: 1.2.0.1712) Dell Webcam Central (x32 Version: 2.00.35) DirectX 9 Runtime (x32 Version: 1.00.0000) Dropbox (HKCU Version: 1.6.18) Eraser 6.0.10.2620 (Version: 6.0.2620) Fotogalerie (x32 Version: 16.4.3505.0912) Free Video to MP3 Converter version 5.0.20.1031 (x32 Version: 5.0.20.1031) Fritz8 SE (x32 Version: 1) GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133) GPL Ghostscript (Version: 9.05) Grand Theft Auto: Episodes from Liberty City (x32) HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (Version: 14.0) HWiNFO64 Version 4.18 (Version: 4.18) Intel PROSet Wireless Intel PROSet Wireless (x32) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2455) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.1.0608) Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.1000) IrfanView (remove only) (x32 Version: 4.35) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) JavaFX 2.1.1 (x32 Version: 2.1.1) Junk Mail filter update (x32 Version: 16.4.3505.0912) LAME v3.99.3 (for Windows) (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 17.0.6) Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0) My Dell (Version: 3.3.6261.27) NetLogo 5.0.4 (x32 Version: 5.0.4) Network64 (Version: 140.0.212.000) NVIDIA 3D Vision Treiber 310.70 (Version: 310.70) NVIDIA Grafiktreiber 310.70 (Version: 310.70) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.95.599) NVIDIA Optimus 1.11.3 (Version: 1.11.3) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1070) NVIDIA Systemsteuerung 310.70 (Version: 310.70) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenAL (x32) PDF24 Creator 5.4.0 (x32) PDF-XChange Viewer (Version: 2.5.201.0) Photo Gallery (x32 Version: 16.4.3505.0912) PhotoShowExpress (x32 Version: 2.0.063) Protectorion Data Safe (x32 Version: 3.4) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000) Quickset64 (Version: 11.0.10) RBVirtualFolder64Inst (Version: 1.00.0000) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526) Roxio Activation Module (x32 Version: 1.0) Roxio BackOnTrack (x32 Version: 1.3.3) Roxio Burn (x32 Version: 1.8) Roxio Creator Starter (x32 Version: 1.0.439) Roxio Creator Starter (x32 Version: 12.1.77.0) Roxio Creator Starter (x32 Version: 5.0.0) Roxio Express Labeler 3 (x32 Version: 3.2.2) Roxio File Backup (Version: 1.3.2) Scan (x32 Version: 140.0.77.000) SeaTools for Windows (x32 Version: 1.2.0.7) Shared C Run-time for x64 (Version: 10.0.0) Shrew Soft VPN Client Skype™ 6.5 (x32 Version: 6.5.158) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0) Spybot - Search & Destroy (x32 Version: 2.1.19) Steam (x32 Version: 1.0.0.0) Steganos Online Shield (x32 Version: 1.0.4) Synaptics Pointing Device Driver (Version: 15.2.6.0) Toolbox (x32 Version: 140.0.424.000) TrueCrypt (x32 Version: 7.1a) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0) Ucinet 6 (x32 Version: 6.0.0232) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Vensim PLE (x32) Vensim Professional (x32) VLC media player 2.0.7 (x32 Version: 2.0.7) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Worms Revolution (x32) XMedia Recode Version 3.1.3.4 (x32 Version: 3.1.3.4) XMind (x32 Version: 3.3.0) Zinio Reader 4 (x32 Version: 4.2.4164) ZoneAlarm Antivirus (x32 Version: 11.0.000.020) ZoneAlarm Firewall (x32 Version: 11.0.000.057) ZoneAlarm Firewall (x32 Version: 11.0.000.504) ZoneAlarm Security (x32 Version: 11.0.000.020) ZoneAlarm Security (x32 Version: 11.0.000.504) ==================== Restore Points ========================= 11-06-2013 09:04:39 Windows Update 12-06-2013 21:29:56 Windows Update 14-06-2013 09:06:59 Windows Update 18-06-2013 07:27:53 Windows Update 21-06-2013 07:41:58 Windows Update 24-06-2013 08:13:29 Entfernt Live! Cam Avatar Creator 24-06-2013 09:52:15 Removed Java(TM) 6 Update 31 24-06-2013 09:56:05 Removed Java(TM) 6 Update 45 (64-bit) 24-06-2013 10:09:10 Malwarebytes Anti-Rootkit Restore Point 25-06-2013 07:46:28 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {14B77E68-B2EB-4A89-8604-923B692EBB85} - System32\Tasks\User_Feed_Synchronization-{D60A9769-E6E6-4F80-BAD7-21F76B61E56C} => C:\Windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation) Task: {1996DAFE-E651-4123-9F78-1D2624FDC204} - System32\Tasks\{64B0E9A1-76DA-4C32-BFC9-F94CAC3BFDAD} => C:\setup.exe No File Task: {300DDC8A-5381-4942-9EAD-1BBA763BC55E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {3293965B-39C5-4104-A4E8-95422C41644A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {38EBA534-2EEA-4538-B547-8EFE89CB7BBA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.) Task: {39FFFA46-C30D-4E0E-A84C-ED33480209E7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {3D0A75CE-93B7-4BCF-988B-8DFE5D67F53B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {5E4970B4-3C9A-4441-8C1C-FEF4ADDF6F99} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {665C3E20-6159-4C2C-8823-5F3F1A2E97B3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {6697CB6F-B0C0-4722-AF09-C3BB8C09CE06} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.) Task: {80DC3B7C-0EF5-48C6-9E3A-27B844BCF86E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {8460DD93-FC3F-4715-80DE-6D40A451AA8F} - System32\Tasks\{44BA8B38-00FF-4295-9EF1-67943A43CC6E} => C:\setup.exe No File Task: {8AD942CF-4E5A-4701-8BB0-4F497090E830} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File Task: {95C0BA18-CFC7-443D-9879-08505C51A909} - System32\Tasks\{B3613F50-E2D7-44EC-909E-DA40C4682C6A} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-05-22] (Mozilla Corporation) Task: {A2B0F6B9-35F2-4E19-A637-00F0D19AA363} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {B66C4303-03B4-4904-BA32-C1B684D9FA82} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {B858A2F4-1060-4801-AF6C-807481A9C849} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/25/2013 08:46:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: obexsrv.exe, Version: 1.2.0.99, Zeitstempel: 0x4e7a2616 Name des fehlerhaften Moduls: obexsrv.exe, Version: 1.2.0.99, Zeitstempel: 0x4e7a2616 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001a8ae ID des fehlerhaften Prozesses: 0xeb4 Startzeit der fehlerhaften Anwendung: 0xobexsrv.exe0 Pfad der fehlerhaften Anwendung: obexsrv.exe1 Pfad des fehlerhaften Moduls: obexsrv.exe2 Berichtskennung: obexsrv.exe3 Error: (06/24/2013 04:13:56 PM) (Source: Application Hang) (User: ) Description: Programm sidebar.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13fc Startzeit: 01ce70e00d9cc040 Endzeit: 0 Anwendungspfad: C:\Program Files\Windows Sidebar\sidebar.exe Berichts-ID: 4908ef7c-dcd8-11e2-b719-bdc90561c30e Error: (06/24/2013 03:37:58 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:57:52 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:43:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (06/24/2013 02:43:13 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (06/25/2013 08:46:20 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/24/2013 03:40:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/24/2013 03:40:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/24/2013 03:19:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/24/2013 03:15:32 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/24/2013 03:11:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/24/2013 02:59:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/24/2013 02:59:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/24/2013 02:58:10 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (06/24/2013 02:56:00 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Microsoft Office Sessions: ========================= Error: (06/25/2013 08:46:17 PM) (Source: Application Error)(User: ) Description: obexsrv.exe1.2.0.994e7a2616obexsrv.exe1.2.0.994e7a2616c00000050001a8aeeb401ce70e004df32bfC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe844d0efd-ddc7-11e2-b719-bdc90561c30e Error: (06/24/2013 04:13:56 PM) (Source: Application Hang)(User: ) Description: sidebar.exe6.1.7601.1751413fc01ce70e00d9cc0400C:\Program Files\Windows Sidebar\sidebar.exe4908ef7c-dcd8-11e2-b719-bdc90561c30e Error: (06/24/2013 03:37:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:57:52 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:43:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/24/2013 02:43:18 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (06/24/2013 02:43:13 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore CodeIntegrity Errors: =================================== Date: 2013-06-24 15:15:32.432 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-24 15:15:32.354 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-06 19:07:13.064 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 18:05:58.148 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 17:53:31.166 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 17:30:40.014 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 17:21:55.181 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 16:55:10.811 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 13:36:37.491 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-06 09:40:34.905 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 69% Total physical RAM: 3990.14 MB Available physical RAM: 1211.7 MB Total Pagefile: 7978.46 MB Available Pagefile: 4843.93 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:679 GB) (Free:517.04 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Geändert von dreisat (25.06.2013 um 20:28 Uhr) |
|
25.06.2013, 20:25
| #4 | |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-VirusCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.06.2013, 21:04
| #5 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Ok, hier das Combofix-log: Code:
ATTFilter ComboFix 13-06-24.01 - Xxxx 25.06.2013 21:40:44.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3990.2060 [GMT 2:00]
ausgeführt von:: c:\users\Xxxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1f7e3200-2791-441e-8615-1258d84e5f61.dll
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3820d79a-0389-4fd9-b10c-00d2774e8996.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\958decf6-f105-42b7-b2b8-ecb97b06448b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-25 bis 2013-06-25 ))))))))))))))))))))))))))))))
.
.
2013-06-25 19:49 . 2013-06-25 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-25 19:49 . 2013-06-25 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 09:41 . 2013-06-24 11:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-24 09:26 . 2013-06-24 09:26 -------- d-----w- c:\programdata\Malwarebytes
2013-06-12 21:31 . 2013-05-17 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-12 09:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 09:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 09:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 09:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-08 22:54 . 2013-06-08 22:54 -------- d-----w- c:\users\Xxxx\AppData\Local\Eraser 6
2013-06-08 03:37 . 2013-06-08 03:37 -------- d-----w- c:\program files\Eraser
2013-06-07 19:06 . 2013-06-07 18:54 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-07 19:06 . 2013-06-07 18:54 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-07 19:06 . 2013-06-07 18:54 188320 ----a-w- c:\windows\system32\java.exe
2013-06-07 18:55 . 2013-06-07 18:54 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-06 17:57 . 2013-06-24 08:11 -------- d-----w- c:\users\Xxxx\AppData\Local\Google
2013-06-06 17:57 . 2013-06-24 08:11 -------- d-----w- c:\program files (x86)\Google
2013-06-06 17:57 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-06 17:57 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-06 17:57 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-06-06 17:57 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-06 17:57 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-06 17:57 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-06 17:57 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-06 17:57 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-06 17:57 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-06 17:56 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-06 17:56 . 2013-06-06 17:56 -------- d-----w- c:\program files\AVAST Software
2013-06-06 17:13 . 2013-06-06 17:56 -------- d-----w- c:\programdata\AVAST Software
2013-06-06 15:35 . 2013-06-06 15:35 -------- d-----w- c:\program files (x86)\Seagate
2013-06-06 15:34 . 2013-06-06 15:34 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-06 15:25 . 2013-06-06 15:25 31136 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 09:08 . 2012-02-10 18:24 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 15:23 . 2012-04-02 08:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:23 . 2012-01-16 03:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 18:54 . 2012-06-11 21:11 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-07 18:54 . 2012-01-16 04:01 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-17 20:07 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 12:58 . 2013-04-30 12:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 12:58 . 2013-04-30 12:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 12:58 . 2013-04-30 12:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 12:58 . 2013-04-30 12:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 12:58 . 2013-04-30 12:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 12:58 . 2013-04-30 12:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 12:58 . 2013-04-30 12:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 12:58 . 2013-04-30 12:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 12:58 . 2013-04-30 12:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 12:58 . 2013-04-30 12:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 12:58 . 2013-04-30 12:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 12:58 . 2013-04-30 12:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 12:58 . 2013-04-30 12:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 12:58 . 2013-04-30 12:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 12:58 . 2013-04-30 12:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 12:58 . 2013-04-30 12:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 12:58 . 2013-04-30 12:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 12:58 . 2013-04-30 12:58 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 12:58 . 2013-04-30 12:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 12:58 . 2013-04-30 12:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 12:58 . 2013-04-30 12:58 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 12:58 . 2013-04-30 12:58 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 12:58 . 2013-04-30 12:58 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 12:58 . 2013-04-30 12:58 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 12:58 . 2013-04-30 12:58 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 12:58 . 2013-04-30 12:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 12:58 . 2013-04-30 12:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 12:58 . 2013-04-30 12:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 12:58 . 2013-04-30 12:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 12:58 . 2013-04-30 12:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 12:58 . 2013-04-30 12:58 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 12:58 . 2013-04-30 12:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 12:58 . 2013-04-30 12:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 12:58 . 2013-04-30 12:58 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 12:58 . 2013-04-30 12:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 12:58 . 2013-04-30 12:58 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 12:58 . 2013-04-30 12:58 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 12:58 . 2013-04-30 12:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 12:58 . 2013-04-30 12:58 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 12:58 . 2013-04-30 12:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 12:58 . 2013-04-30 12:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 12:58 . 2013-04-30 12:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 12:58 . 2013-04-30 12:58 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 12:58 . 2013-04-30 12:58 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 12:58 . 2013-04-30 12:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 12:58 . 2013-04-30 12:58 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 12:58 . 2013-04-30 12:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 12:58 . 2013-04-30 12:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 12:58 . 2013-04-30 12:58 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 07:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 07:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 07:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 07:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 07:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 07:37 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 07:37 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 07:37 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-18 07:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 11:57 220632 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 11:57 220632 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 11:57 220632 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/15 22:32;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cpuz130;cpuz130;c:\users\Xxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Xxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 11:57 244696 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 11:57 244696 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 11:57 244696 ----a-w- c:\users\Xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Xxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.faz.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{ED8AA9E1-3F58-4C73-824C-10F9990032C9}: NameServer = 131.174.117.20
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\8m0khvc4.default\
FF - prefs.js: browser.startup.homepage - hxxps://share.ru.nl/zimbra/#1|hxxp://www.gmx.net/|hxxp://dict.leo.org/
FF - ExtSQL: 2013-04-28 19:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-06 19:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1772762777-1271809145-3008419274-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1772762777-1271809145-3008419274-1001\Software\SecuROM\License information*]
"datasecu"=hex:de,49,cc,d3,01,e7,65,a5,4f,08,b3,21,de,66,86,8f,c7,0a,28,1b,0a,
cf,aa,0c,f7,1f,07,f8,4b,da,7f,33,83,3a,6f,22,4b,71,1c,2b,da,cb,74,0c,81,c2,\
"rkeysecu"=hex:f1,fb,9a,fa,d5,42,2d,4a,09,7a,48,eb,8e,f1,17,2a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-25 21:51:36
ComboFix-quarantined-files.txt 2013-06-25 19:51
ComboFix2.txt 2013-06-24 13:31
.
Vor Suchlauf: 18 Verzeichnis(se), 555.399.630.848 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 554.952.966.144 Bytes frei
.
- - End Of File - - D446BE5C3977A1C5CA281427B56A6272
D41D8CD98F00B204E9800998ECF8427E
|
|
26.06.2013, 08:35
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus |
|
26.06.2013, 14:56
| #7 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus AdwCleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 26/06/2013 um 15:35:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Xxxx - XXXX-PB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Xxxx\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\8m0khvc4.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2727 octets] - [24/06/2013 14:40:04]
AdwCleaner[S2].txt - [917 octets] - [26/06/2013 15:35:47]
########## EOF - C:\AdwCleaner[S2].txt - [976 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Xxxx on 26.06.2013 at 15:40:48,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\Xxxx\AppData\Roaming\mozilla\firefox\profiles\8m0khvc4.default\minidumps [68 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2013 at 15:46:49,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Xxxx (administrator) on 26-06-2013 15:47:20
Running from C:\Users\Xxxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-22] (The Eraser Project)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKU\UpdatusUser\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9B94BCE6-B0E4-4AB1-AEDD-A827566D784C} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{ED8AA9E1-3F58-4C73-824C-10F9990032C9}: [NameServer]131.174.117.20
FireFox:
========
FF ProfilePath: C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default
FF Homepage: https://share.ru.nl/|hxxp://www.gmx.net/|hxxp://dict.leo.org/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: copylinktext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinktext@brett.zamir.xpi
FF Extension: copylinkurl - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinkurl@bluelightdev.com.xpi
FF Extension: fdm_ffext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-06-06] (REALiX(tm))
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-03] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [21048 2011-10-10] (Resplendence Software Projects Sp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\Xxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-26 15:46 - 2013-06-26 15:47 - 00000831 ____A C:\Users\Xxxx\Desktop\JRT.txt
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\JRT
2013-06-26 15:39 - 2013-06-26 15:39 - 00001044 ____A C:\Users\Xxxx\Desktop\AdwCleaner[S2].txt
2013-06-26 15:35 - 2013-06-26 15:36 - 00001044 ____A C:\AdwCleaner[S2].txt
2013-06-26 09:59 - 2013-06-26 09:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Xxxx\Desktop\JRT.exe
2013-06-25 21:51 - 2013-06-25 21:51 - 00034751 ____A C:\ComboFix.txt
2013-06-25 21:31 - 2013-06-25 21:31 - 05082330 ____R (Swearware) C:\Users\Xxxx\Desktop\ComboFix.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-25 21:07 - 2013-06-25 21:07 - 01931854 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-24 15:02 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-24 15:02 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-24 15:02 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-24 15:00 - 2013-06-25 21:51 - 00000000 ____D C:\Qoobox
2013-06-24 14:59 - 2013-06-24 15:28 - 00000000 ____D C:\Windows\erdnt
2013-06-24 14:56 - 2013-06-26 15:37 - 00004330 ____A C:\Windows\PFRO.log
2013-06-24 14:42 - 2013-06-26 15:37 - 00000616 ____A C:\Windows\setupact.log
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 14:30 - 2013-06-24 14:30 - 00648201 ____A C:\Users\Xxxx\Desktop\adwcleaner.exe
2013-06-24 11:54 - 2013-04-04 05:30 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 11:41 - 2013-06-24 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-14 11:07 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 11:07 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 11:07 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 11:07 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 11:07 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:31 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:31 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:31 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:31 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:46 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 11:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:06 - 2013-06-07 20:54 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:55 - 2013-06-07 20:54 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-06 19:57 - 2013-06-24 11:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-06 19:57 - 2013-05-09 10:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-06-06 19:57 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-06 19:13 - 2013-06-06 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
==================== One Month Modified Files and Folders =======
2013-06-26 15:47 - 2013-06-26 15:46 - 00000831 ____A C:\Users\Xxxx\Desktop\JRT.txt
2013-06-26 15:45 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 15:45 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 15:43 - 2010-11-21 08:50 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-06-26 15:43 - 2010-11-21 08:50 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-06-26 15:43 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\JRT
2013-06-26 15:39 - 2013-06-26 15:39 - 00001044 ____A C:\Users\Xxxx\Desktop\AdwCleaner[S2].txt
2013-06-26 15:37 - 2013-06-24 14:56 - 00004330 ____A C:\Windows\PFRO.log
2013-06-26 15:37 - 2013-06-24 14:42 - 00000616 ____A C:\Windows\setupact.log
2013-06-26 15:37 - 2012-01-15 22:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 15:37 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-26 15:37 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 15:36 - 2013-06-26 15:35 - 00001044 ____A C:\AdwCleaner[S2].txt
2013-06-26 15:36 - 2012-02-28 00:12 - 01826272 ____A C:\Windows\WindowsUpdate.log
2013-06-26 15:35 - 2012-02-10 21:33 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Skype
2013-06-26 15:34 - 2012-02-15 11:55 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Vensim
2013-06-26 15:23 - 2012-04-02 10:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 11:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-26 09:59 - 2013-06-26 09:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Xxxx\Desktop\JRT.exe
2013-06-25 21:51 - 2013-06-25 21:51 - 00034751 ____A C:\ComboFix.txt
2013-06-25 21:51 - 2013-06-24 15:00 - 00000000 ____D C:\Qoobox
2013-06-25 21:49 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-25 21:38 - 2012-01-16 06:35 - 00000000 ____D C:\ProgramData\Sonic
2013-06-25 21:35 - 2013-01-26 14:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-25 21:31 - 2013-06-25 21:31 - 05082330 ____R (Swearware) C:\Users\Xxxx\Desktop\ComboFix.exe
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-25 21:07 - 2013-06-25 21:07 - 01931854 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-24 15:28 - 2013-06-24 14:59 - 00000000 ____D C:\Windows\erdnt
2013-06-24 15:16 - 2012-01-22 17:11 - 00000000 ____D C:\users\Xxxx
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 14:40 - 2012-12-29 14:18 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\CheckPoint
2013-06-24 14:30 - 2013-06-24 14:30 - 00648201 ____A C:\Users\Xxxx\Desktop\adwcleaner.exe
2013-06-24 13:47 - 2013-06-24 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 12:01 - 2012-03-25 22:29 - 00000000 ____D C:\Windows\Minidump
2013-06-24 12:01 - 2011-02-11 19:13 - 00000000 ____D C:\Windows\panther
2013-06-24 12:00 - 2012-02-11 00:24 - 00000000 ____D C:\Program Files\CCleaner
2013-06-24 11:58 - 2012-02-13 00:30 - 00000000 ____D C:\Program Files\Java
2013-06-24 11:55 - 2012-02-17 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 11:54 - 2013-05-22 10:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-24 11:10 - 2012-02-12 13:31 - 00000000 ____D C:\Users\Xxxx\Desktop\Wichtig
2013-06-24 11:01 - 2013-06-06 19:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-24 10:14 - 2012-01-16 06:24 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-24 10:14 - 2012-01-16 06:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-23 17:09 - 2013-05-22 10:11 - 00000000 ____D C:\Program Files\My Dell
2013-06-23 11:32 - 2012-02-13 00:44 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-22 23:08 - 2012-02-15 14:30 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\vlc
2013-06-20 22:25 - 2012-02-19 13:54 - 00014336 ____A C:\Users\Xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 09:36 - 2011-02-11 12:22 - 01590378 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 12:37 - 2012-07-22 18:45 - 00000000 ____D C:\Users\Xxxx\Desktop\test
2013-06-14 11:08 - 2012-02-10 20:24 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:23 - 2012-04-02 10:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:23 - 2012-01-16 05:43 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 02:53 - 2012-04-25 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 16:08 - 2013-06-14 11:07 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-14 11:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 15:37 - 2012-11-14 21:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-08 14:28 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-14 11:07 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 05:53 - 2012-09-05 03:35 - 00000000 ____D C:\Users\Xxxx\Desktop\read
2013-06-08 05:41 - 2012-04-19 16:27 - 00007617 ____A C:\Users\Xxxx\AppData\Local\resmon.resmoncfg
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:11 - 2013-04-23 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-07 20:54 - 2013-06-07 21:06 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:54 - 2013-06-07 20:55 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-07 20:54 - 2012-06-11 23:11 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-07 20:54 - 2012-01-16 06:01 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-07 20:40 - 2012-01-16 06:14 - 00000000 ____D C:\ProgramData\Adobe
2013-06-07 20:39 - 2012-02-10 22:33 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Adobe
2013-06-07 11:17 - 2012-01-22 23:39 - 00000000 ____D C:\ProgramData\PCDr
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-06-06 19:13 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
2013-06-06 17:25 - 2012-03-28 22:53 - 00000000 ____D C:\Program Files\HWiNFO64
2013-06-06 13:38 - 2013-02-04 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-06 13:38 - 2012-01-16 06:18 - 00000000 ____D C:\ProgramData\Skype
2013-06-04 18:29 - 2012-01-16 06:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 22:09 - 2012-12-30 22:49 - 00012889 ___AH C:\Windows\SysWOW64\BTImages.dat
2013-05-29 17:53 - 2012-02-12 13:59 - 00000000 ___RD C:\Users\Xxxx\Desktop\Sonstiges
2013-05-27 11:44 - 2012-11-29 22:43 - 00000000 ____D C:\Program Files (x86)\Steam
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 16:36
==================== End Of Log ============================
 |
|
26.06.2013, 17:09
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Supi  ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.06.2013, 23:21
| #9 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Ok, habe die drei Logs angehängt. FRST wollte sich vorher noch updaten, was ich erlaubt habe (obwohl mein Virenscanner Alarm geschlagen hat, hab ihn dann einfach deaktiviert). Ist mein Rechner jetzt sauber? Könntest du mir zu guter Letzt noch verraten, ob er infiziert war und wenn ja, was das für Übeltäter waren? Hab immer noch keine Ahnung, wie ich mir die eingefangen haben könnte. Nochmals ganz herzlichen Dank dir! ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=952740120688c9418720865aede3fe59
# engine=14165
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-26 09:59:46
# local_time=2013-06-26 11:59:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 219518 148993858 0 0
# compatibility_mode=5893 16776573 100 94 29471 123913836 0 0
# scanned=224521
# found=0
# cleaned=0
# scan_time=9382
Code:
ATTFilter Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Mozilla Thunderbird (17.0.6)
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
ESET ESET Online Scanner OnlineScannerApp.exe
Steganos Online Shield OnlineShieldService.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-06-2013
Ran by Xxxx (administrator) on 27-06-2013 00:14:49
Running from C:\Users\Xxxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-22] (The Eraser Project)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKU\UpdatusUser\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201136 2012-12-03] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {9B94BCE6-B0E4-4AB1-AEDD-A827566D784C} URL =
SearchScopes: HKCU - {9B94BCE6-B0E4-4AB1-AEDD-A827566D784C} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 194.151.228.18 194.151.228.34
Tcpip\..\Interfaces\{ED8AA9E1-3F58-4C73-824C-10F9990032C9}: [NameServer]131.174.117.20
FireFox:
========
FF ProfilePath: C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default
FF Homepage: https://share.ru.nl/|hxxp://www.gmx.net/|hxxp://dict.leo.org/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: copylinktext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinktext@brett.zamir.xpi
FF Extension: copylinkurl - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\copylinkurl@bluelightdev.com.xpi
FF Extension: fdm_ffext - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\80zf2kzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [303368 2013-05-16] (Steganos Software GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030440 2013-06-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-26] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-06-06] (REALiX(tm))
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-12-03] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [21048 2011-10-10] (Resplendence Software Projects Sp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\Xxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-27 00:12 - 2013-06-27 00:12 - 01931896 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-26 23:02 - 2013-06-26 23:02 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 23:02 - 2013-06-26 23:02 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 21:20 - 2013-06-26 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-26 20:05 - 2013-06-26 20:05 - 00890988 ____A C:\Users\Xxxx\Desktop\SecurityCheck.exe
2013-06-26 18:43 - 2013-06-26 18:43 - 02347384 ____A (ESET) C:\Users\Xxxx\Desktop\esetsmartinstaller_enu.exe
2013-06-26 15:47 - 2013-06-26 15:48 - 00036149 ____A C:\Users\Xxxx\Desktop\FRST(2).txt
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\JRT
2013-06-26 15:35 - 2013-06-26 15:36 - 00001044 ____A C:\AdwCleaner[S2].txt
2013-06-25 21:51 - 2013-06-25 21:51 - 00034751 ____A C:\ComboFix.txt
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-24 15:02 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-24 15:02 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-24 15:02 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-24 15:02 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-24 15:00 - 2013-06-25 21:51 - 00000000 ____D C:\Qoobox
2013-06-24 14:59 - 2013-06-24 15:28 - 00000000 ____D C:\Windows\erdnt
2013-06-24 14:56 - 2013-06-26 15:37 - 00004330 ____A C:\Windows\PFRO.log
2013-06-24 14:42 - 2013-06-26 21:08 - 00000896 ____A C:\Windows\setupact.log
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 11:54 - 2013-04-04 05:30 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 11:41 - 2013-06-24 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-14 11:07 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 11:07 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 11:07 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 11:07 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 11:07 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 11:07 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 11:07 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 23:31 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:31 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:31 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:31 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:31 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:31 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:46 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:45 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:45 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:45 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:45 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 11:45 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 11:45 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:06 - 2013-06-07 20:54 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 21:06 - 2013-06-07 20:54 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:55 - 2013-06-07 20:54 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-06 19:57 - 2013-06-26 23:02 - 01030440 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-06 19:57 - 2013-06-26 23:02 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-06 19:57 - 2013-06-24 11:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-06 19:57 - 2013-06-24 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-06 19:57 - 2013-05-09 10:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-06-06 19:57 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-06-06 19:57 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-06 19:13 - 2013-06-06 19:56 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
==================== One Month Modified Files and Folders =======
2013-06-27 00:12 - 2013-06-27 00:12 - 01931896 ____A (Farbar) C:\Users\Xxxx\Desktop\FRST64.exe
2013-06-27 00:01 - 2012-02-28 00:12 - 01833024 ____A C:\Windows\WindowsUpdate.log
2013-06-26 23:47 - 2012-02-10 21:33 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Skype
2013-06-26 23:23 - 2012-04-02 10:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 23:02 - 2013-06-26 23:02 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 23:02 - 2013-06-26 23:02 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 23:02 - 2013-06-06 19:57 - 01030440 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-26 23:02 - 2013-06-06 19:57 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-26 21:20 - 2013-06-26 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-26 21:08 - 2013-06-24 14:42 - 00000896 ____A C:\Windows\setupact.log
2013-06-26 21:06 - 2010-11-21 08:50 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-06-26 21:06 - 2010-11-21 08:50 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-06-26 21:06 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 20:49 - 2012-02-15 11:55 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\Vensim
2013-06-26 20:05 - 2013-06-26 20:05 - 00890988 ____A C:\Users\Xxxx\Desktop\SecurityCheck.exe
2013-06-26 18:43 - 2013-06-26 18:43 - 02347384 ____A (ESET) C:\Users\Xxxx\Desktop\esetsmartinstaller_enu.exe
2013-06-26 17:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-26 15:57 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 15:57 - 2009-07-14 06:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 15:52 - 2012-01-16 06:35 - 00000000 ____D C:\ProgramData\Sonic
2013-06-26 15:49 - 2012-01-15 22:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 15:49 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 15:48 - 2013-06-26 15:47 - 00036149 ____A C:\Users\Xxxx\Desktop\FRST(2).txt
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\Windows\ERUNT
2013-06-26 15:40 - 2013-06-26 15:40 - 00000000 ____D C:\JRT
2013-06-26 15:37 - 2013-06-24 14:56 - 00004330 ____A C:\Windows\PFRO.log
2013-06-26 15:37 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-26 15:36 - 2013-06-26 15:35 - 00001044 ____A C:\AdwCleaner[S2].txt
2013-06-25 21:51 - 2013-06-25 21:51 - 00034751 ____A C:\ComboFix.txt
2013-06-25 21:51 - 2013-06-24 15:00 - 00000000 ____D C:\Qoobox
2013-06-25 21:49 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-25 21:35 - 2013-01-26 14:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-25 21:11 - 2013-06-25 21:11 - 00000000 ____D C:\FRST
2013-06-24 15:28 - 2013-06-24 14:59 - 00000000 ____D C:\Windows\erdnt
2013-06-24 15:16 - 2012-01-22 17:11 - 00000000 ____D C:\users\Xxxx
2013-06-24 14:42 - 2013-06-24 14:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-24 14:40 - 2013-06-24 14:40 - 00002727 ____A C:\AdwCleaner[S1].txt
2013-06-24 14:40 - 2012-12-29 14:18 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\CheckPoint
2013-06-24 13:47 - 2013-06-24 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 12:01 - 2012-03-25 22:29 - 00000000 ____D C:\Windows\Minidump
2013-06-24 12:01 - 2011-02-11 19:13 - 00000000 ____D C:\Windows\panther
2013-06-24 12:00 - 2012-02-11 00:24 - 00000000 ____D C:\Program Files\CCleaner
2013-06-24 11:58 - 2012-02-13 00:30 - 00000000 ____D C:\Program Files\Java
2013-06-24 11:55 - 2012-02-17 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 11:54 - 2013-05-22 10:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-24 11:26 - 2013-06-24 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-24 11:10 - 2012-02-12 13:31 - 00000000 ____D C:\Users\Xxxx\Desktop\Wichtig
2013-06-24 11:01 - 2013-06-06 19:57 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-24 10:14 - 2012-01-16 06:24 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-24 10:14 - 2012-01-16 06:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Google
2013-06-24 10:11 - 2013-06-06 19:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-23 17:09 - 2013-05-22 10:11 - 00000000 ____D C:\Program Files\My Dell
2013-06-23 11:32 - 2012-02-13 00:44 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-22 23:08 - 2012-02-15 14:30 - 00000000 ____D C:\Users\Xxxx\AppData\Roaming\vlc
2013-06-20 22:25 - 2012-02-19 13:54 - 00014336 ____A C:\Users\Xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 09:36 - 2011-02-11 12:22 - 01590378 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 12:37 - 2012-07-22 18:45 - 00000000 ____D C:\Users\Xxxx\Desktop\test
2013-06-14 11:08 - 2012-02-10 20:24 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:23 - 2012-04-02 10:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:23 - 2012-01-16 05:43 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 02:53 - 2012-04-25 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-09 00:54 - 2013-06-09 00:54 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Eraser 6
2013-06-08 16:08 - 2013-06-14 11:07 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-14 11:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-14 11:07 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 15:37 - 2012-11-14 21:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-08 14:28 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-14 11:07 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-14 11:07 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-14 11:07 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 05:53 - 2012-09-05 03:35 - 00000000 ____D C:\Users\Xxxx\Desktop\read
2013-06-08 05:41 - 2012-04-19 16:27 - 00007617 ____A C:\Users\Xxxx\AppData\Local\resmon.resmoncfg
2013-06-08 05:37 - 2013-06-08 05:37 - 00000000 ____D C:\Program Files\Eraser
2013-06-07 21:11 - 2013-04-23 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-07 20:54 - 2013-06-07 21:06 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-07 20:54 - 2013-06-07 21:06 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-07 20:54 - 2013-06-07 20:55 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-07 20:54 - 2012-06-11 23:11 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-07 20:54 - 2012-01-16 06:01 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-07 20:40 - 2012-01-16 06:14 - 00000000 ____D C:\ProgramData\Adobe
2013-06-07 20:39 - 2012-02-10 22:33 - 00000000 ____D C:\Users\Xxxx\AppData\Local\Adobe
2013-06-07 11:17 - 2012-01-22 23:39 - 00000000 ____D C:\ProgramData\PCDr
2013-06-06 19:56 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-06 19:56 - 2013-06-06 19:13 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-06 17:35 - 2013-06-06 17:35 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-06-06 17:25 - 2013-06-06 17:25 - 00031136 ____A (REALiX(tm)) C:\Windows\System32\Drivers\HWiNFO64A.SYS
2013-06-06 17:25 - 2012-03-28 22:53 - 00000000 ____D C:\Program Files\HWiNFO64
2013-06-06 13:38 - 2013-02-04 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-06 13:38 - 2012-01-16 06:18 - 00000000 ____D C:\ProgramData\Skype
2013-06-04 18:29 - 2012-01-16 06:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-29 22:09 - 2012-12-30 22:49 - 00012889 ___AH C:\Windows\SysWOW64\BTImages.dat
2013-05-29 17:53 - 2012-02-12 13:59 - 00000000 ___RD C:\Users\Xxxx\Desktop\Sonstiges
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 16:36
==================== End Of Log ============================
--- --- --- Geändert von dreisat (26.06.2013 um 23:38 Uhr) |
|
27.06.2013, 08:11
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Java und Firefox updaten. Hattest nen Haufn Adware-Kram drauf . Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2013, 09:03
| #11 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Hi Schrauber, vielen Dank! Hab beides upgedatet. Hatte ich nur relativ harmlose Adware drauf oder auch was bösartiges, wie nen Virus (z.B. Win32/small.ca) oder Trojaner? Über ne kurze Rückmeldung diezbezüglich würde ich mich freuen. Sonst ist alles klar. Danke nochmals! |
|
27.06.2013, 09:39
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Adware und Trojaner, aber nix wild bösartiges
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2013, 10:08
| #13 |
| | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Ganz herzlichen Dank dir! Hab ein bisschen Lob losgeworden  |
|
27.06.2013, 10:54
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus |
| antivirus, browser, combofix, desktop, entfernen, excel, fehlalarm, firefox, flash player, hängen, installation, internet browser, monitor, nvpciflt.sys, problem, proxy, realtek, registrierungsdatenbank, registry, server, software, super, system, updates, usb, win32/small.ca-virus, windows, wscript.exe |
Linear-Darstellung
