Log analysis and evaluation: GVU virus on my computer (Windows Vista)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.07.2013, 06:59 | #1 |
| GVU virus on my computer (Windows Vista) Hello everyone, yesterday I caught the GVU virus. I hope you can help me. I have carried out the steps you suggested and attached the corresponding files. The Extra.txt was not created by OTL and is therefore not included. Many thanks already for your help up to this point!!! Best regards, Stefan |
04.07.2013, 08:00 | #2 |
/// the machine /// TB trainer | GVU virus on my computer (Windows Vista) Hi,
System scan with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________ |
04.07.2013, 20:28 | #3 |
| GVU virus on my computer (Windows Vista) Hello Schrauber,
thank you very much for the quick reply. The files are attached. 1. FRST.txt FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Stefan (administrator) on 04-07-2013 21:08:28
Running from G:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink)
HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] ()
HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google)
HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation)
HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1648264 2013-04-25] (Ask)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG)
HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.)
HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH)
HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll (ggggggggggggggggggggggggggg)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/
HKCU SearchScopes: DefaultScope {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll ()
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://www.arfo-fototeam.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
S2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google)
S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.)
S2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
==================== Drivers (Whitelisted) ====================
S2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH)
S2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG)
S3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] ()
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-20 10:51 - 2013-06-20 10:51 - 00000000 ____D C:\Users\Mila\AppData\Local\APN
2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 10:02 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-20 09:28 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
==================== One Month Modified Files and Folders ========
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST
2013-07-04 21:05 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:05 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 21:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 21:04 - 2008-01-21 11:27 - 01608047 ____A C:\Windows\WindowsUpdate.log
2013-07-04 21:04 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-07-04 21:04 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 21:04 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 21:01 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001
2013-07-04 20:59 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype
2013-07-04 20:58 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-04 20:56 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log
2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable
2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan
2013-07-03 23:00 - 2006-11-02 12:33 - 01481284 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 22:58 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001
2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-07-03 22:21 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira
2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log
2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila
2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira
2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira
2013-06-25 09:18 - 2008-04-27 13:33 - 00000000 ____D C:\Program Files\Avira
2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG
2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java
2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real
2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real
2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google
2013-06-20 10:51 - 2013-06-20 10:51 - 00000000 ____D C:\Users\Mila\AppData\Local\APN
2013-06-20 10:51 - 2013-02-17 20:45 - 00000000 ____D C:\Program Files\Ask.com
2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini
2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-04 21:02
==================== End Of Log ============================
2. Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013 Ran by Stefan at 2013-07-04 21:09:56 Running from G:\ Boot Mode: Safe Mode (minimal) ========================================================== ==================== Installed Programs ======================= ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Anchor Service CS3 (Version: 1.0) Adobe Asset Services CS3 (Version: 3) Adobe Bridge Start Meeting (Version: 1.0) Adobe BridgeTalk Plugin CS3 (Version: 1.0) Adobe Camera Raw 4.0 (Version: 4.0) Adobe CMaps (Version: 1.0) Adobe Color - Photoshop Specific (Version: 1.0) Adobe Color Common Settings (Version: 1.0.1) Adobe Color EU Recommended Settings (Version: 1.0) Adobe Color JA Extra Settings (Version: 1.0) Adobe Color NA Extra Settings (Version: 1.0) Adobe Creative Suite 3 Design Premium hinzuf¸gen oder entfernen (Version: 1.0) Adobe Default Language CS3 (Version: 1.0) Adobe Device Central CS3 (Version: 1.0) Adobe ExtendScript Toolkit 2 (Version: 2.0.2) Adobe Extension Manager CS3 (Version: 1.8) Adobe Flash Player 10 ActiveX (Version: 10.0.22.87) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Flash Video Encoder (Version: 2.0) Adobe Fonts All (Version: 1.0) Adobe Help Viewer CS3 (Version: 1) Adobe InDesign CS3 Icon Handler (Version: 5.0) Adobe Linguistics CS3 (Version: 3.0.0) Adobe MotionPicture Color Files (Version: 1.0) Adobe PDF Library Files (Version: 8.0) Adobe Photoshop 7.0.1 (Version: 7.0) Adobe Reader 8.1.3 - Deutsch (Version: 8.1.3) Adobe Reader 8.2.0 - Deutsch (Version: 8.2.0) Adobe Setup (Version: 1.0) Adobe Shockwave Player 11 (Version: 11) Adobe SING CS3 (Version: 0.1) Adobe Stock Photos CS3 (Version: 1.5) Adobe Type Support (Version: 1.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) Adobe Version Cue CS3 Server {ko_KR} 
(Version: 3.0.0.0 {ko_KR} ) Adobe WAS CS3 (Version: 1.0) Adobe WinSoft Linguistics Plugin (Version: 1.0) Adobe XMP Panels CS3 (Version: 1.0) AHV content for Acrobat and Flash (Version: 1) ALDI Foto Manager Free Sued (Version: 3.4.0.466) AMR to MP3 Converter 1.4 Ask Toolbar (Version: 1.15.25.0) Ask Toolbar Updater (HKCU Version: 1.2.4.36191) Avira Free Antivirus (Version: 13.0.0.3737) AVM FRITZ!DSL Bluetooth Stack for Windows by Toshiba (Version: v5.10.14) Capture NX (Version: 1.3.0) CCleaner (Version: 3.23) Compatibility Pack f¸r 2007 Office System (Version: 12.0.6612.1000) Corel Applications CyberLink Power2Go (Version: 6.0.1109a) CyberLink YouCam (Version: 1.0.1205) CyberLink YouCam (Version: 1.00.0000) Das Aquarium mit der Maus ScreenSaver DC-Bodenmechanik (Version: 2.1.4) DC-Grundbaustatik (Version: 2.4.8) DVD Shrink 3.2 Ecosia Plugin 1.0 ElsterFormular f¸r Privatanwender (Version: 12.1.1.6214p) Epson Easy Photo Print 2 (Version: 2.1.0.0) Epson Event Manager (Version: 2.30.00) Epson FAX Utility (Version: 1.00.000) Epson PC-FAX Driver Epson Printer Software Downloader Epson Printer Software Downloader (Version: 2.0.0) EPSON Scan Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch EPSON SX610FW Series Printer Uninstall EpsonNet Print (Version: 2.4i) EpsonNet Setup (Version: 3.1a) ESET Online Scanner v3 FDRTools Basic 2.3.0beta1 (Version: 2.3.0) Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13) FormatFactory 2.50 (Version: 2.50) Genesys PC Camera Device (Version: 0.1.0.0) Google Chrome (Version: 27.0.1453.116) Google Desktop (Version: -) Google Earth (Version: 7.0.3.8542) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.145) Google Updater (Version: 2.4.2432.1652) Intel(R) Matrix Storage Manager Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) king.com (remove only) Letstrade (Version: 1.00.0000) MAGIX Filme auf DVD 8 
8.0.0.11 (D) (Version: 8.0.0.11) MAGIX Foto Clinic 6 6.0.10.0 (D) (Version: 6.0.10.0) MAGIX Foto Manager 2008 5.0.0.255 (D) (Version: 5.0.0.255) MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D) (Version: 6.5.0.21) MAGIX Goya burnR 2.3.1.3 (D) (Version: 2.3.1.3) MAGIX Music Cleaning Lab 2008 deluxe 9.0.1.0 (D) (Version: 9.0.1.0) MAGIX Music Manager 2007 8.1.1.108 (D) (Version: 8.1.1.108) MAGIX Online Druck Service 3.4.3.0 (D) (Version: 3.4.3.0) MAGIX PC Visit (Version: 4.3.6.1987) MAGIX USB-Videowandler 2 (Version: 1.00.0000) MAGIXUSB-Videowandler 2 Device Driver MakeDisc (Version: 3.0.2320) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.0.318.3) Media Go (Version: 1.0.373) MediaShow (Version: 3.0.4325) MEDION Fotos auf CD Sued (Version: 6.0.2.0) MEDIONbox (Version: 1.09.0000.00052) Mein CEWE FOTOBUCH Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office FrontPage 2003 (Version: 11.0.8173.0) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Microsoft XML Parser (Version: 8.0.7820.0) Mozilla Firefox 18.0.2 (x86 de) (Version: 18.0.2) Mozilla Maintenance Service (Version: 18.0.2) Mozilla Thunderbird (3.1.20) (Version: 3.1.20 (de)) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Mufin MusicFinder Base 1.5.3.255 (D) (Version: 1.5.3.255) Nero 8 Essentials (Version: 8.10.284) neroxml (Version: 1.0.0) Nikon Message Center (Version: 0.92.000) Nikon RAW Codec (Version: 1.00.0000) Nikon Transfer (Version: 1.0.1) Norton Security Scan (Version: 1.4.0) Norton Security Scan (Version: 2.7.3.34) NVIDIA Drivers PDF Settings (Version: 1.0) Photomatix Pro version 3.1.3 (Version: 3.1.3) PhotoNow! 
(Version: 1.0.4310) Picture Control Utility (Version: 1.0.2) PowerDirector (Version: 6.5.2209a) PowerDVD (Version: 7.0.3118.0) PowerProducer (Version: 4.2.2219) QuickTime (Version: 7.2.0.240) QuiltAssistent Ralink Wireless LAN (Version: 1.00.0000) RealDownloader (Version: 1.3.2) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0) RealPlayer (Version: 16.0.2) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5523) Realtek USB 2.0 Card Reader (Version: ) RealUpgrade 1.1 (Version: 1.1.0) RescuePRO Deluxe 4.0 Saal Digital SAMSUNG Mobile Composite Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 (Version: 3.0.0.80301) Samsung PC Studio 3 (Version: 3.2.2.80705) Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701) Sceneo AbsolutTV screensaver SereneScreen Marine Aquarium 2.6 (Version: 2.6) Skypeô 6.1 (Version: 6.1.129) Sony Ericsson Media Manager 1.1 (Version: 1.1.550) Sony Ericsson PC Suite 5.007.01 (Version: 5.007.01) Sony Ericsson Update Engine (Version: 2.13.7.201306141231) Sony PC Companion 2.10.165 (Version: 2.10.165) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) Synaptics Pointing Device Driver (Version: 9.1.10.0) TVsweeper 3 (Version: 3.0.3) Ulead PhotoImpact 12 (Version: 12.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update Service (Version: 2.9.2.12) VCRedistSetup (Version: 1.0.0) ViewNX (Version: 1.0.1) WEB.DE MultiMessenger (Version: 3.70.2806) Windows Media 
Player Firefox Plugin (Version: 1.0.0.8) WISO Mein Geld 2008 Professional (Version: 9.00.01.0023) X10 Hardware(TM) YouTube Uploader for CASIO (Version: 1.0.1.0) Zylom Games Player Plugin ==================== Restore Points ========================= 25-06-2013 05:44:32 Windows Update 25-06-2013 05:49:52 Sony Ericsson PC Suite Drivers 25-06-2013 06:05:41 Installed Java 7 Update 25 25-06-2013 06:40:35 Sony Ericsson PC Suite Drivers 25-06-2013 06:41:02 Sony PC Companion 25-06-2013 06:49:13 Uninstalled Sony Ericsson Drivers 25-06-2013 06:49:34 Installed Sony Ericsson Drivers 25-06-2013 07:36:46 Installed Emma Device Driver(s) 25-06-2013 07:41:43 Uninstalled Sony Ericsson Drivers 25-06-2013 07:41:53 Installed Sony Ericsson Drivers 25-06-2013 07:42:33 Uninstalled Sony Ericsson Drivers ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0E792885-95E6-4E2F-9ACB-43B1F3938DBB} - System32\Tasks\WPD\SqmUpload_S-1-5-21-467133875-3664071592-3944233276-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {0F264FB1-8C99-4E39-9955-005A150A606D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-20] (Adobe Systems Incorporated) Task: {1B727954-581C-4821-BE59-FDB302AF3C51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {230DDC94-D88E-4274-A083-48FE894A899F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) 
Task: {23E71B69-5E07-4FB0-90AB-929198A34463} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {25887E91-06E5-41B3-AAC3-C45C1BBFE032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05] (Google Inc.) Task: {3625F46C-1137-407E-B993-F955226665CB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {5866B935-1244-499F-AD46-6F0ED64C1C2A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-467133875-3664071592-3944233276-1004 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {59B580E1-B70F-4B9D-9399-3AAB3A61547D} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-08] (Google) Task: {64D25247-C4DD-4F9A-99AE-3862422ABC3F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.) Task: {6B8655A2-FC2A-4C77-BA9B-6FC23A18875B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {73FBDFF5-41B2-41DD-AA34-21D498E27CBE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-467133875-3664071592-3944233276-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {7A70BA79-FCAC-4E3F-8706-2C28D7B5150D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation) Task: {934698F2-8651-4A89-A81A-4D8EF9133063} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {934C4FB9-15B2-4239-B4F9-0C7CF4159E64} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-25] () Task: {9A3F5134-86BF-4B1D-9DBF-5229BC09B62B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {9CAE9264-973A-48E4-BA8D-8AD6FB23E887} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) Task: {AF9538F9-7B81-45B8-9882-A85B8FD57DA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd) Task: {DF29C40D-4C16-4BC6-9B4E-D9EA5F9EE0F4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-467133875-3664071592-3944233276-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {EFCF90FE-0B46-47E9-9362-30DCB528F66D} - System32\Tasks\Norton Security Scan for Mila => C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation) Task: {FFE0B2ED-F228-4A34-A34E-A71EC8EC013C} - System32\Tasks\User_Feed_Synchronization-{985A263B-1E14-4845-80C4-E588BDFF7266} => C:\Windows\system32\msfeedssync.exe [2012-02-28] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ? Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Norton Security Scan for Mila.job => C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2013 09:00:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes f¸r "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abh‰ngige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie f¸r eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (07/04/2013 00:03:14 AM) (Source: PerfNet) (User: ) Description: Error: (07/04/2013 00:03:14 AM) (Source: PerfNet) (User: ) Description: Error: (07/04/2013 00:03:14 AM) (Source: Perflib) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (07/04/2013 00:03:14 AM) (Source: Perflib) (User: ) Description: BITSC:\Windows\system32\bitsperf.dll4 Error: (07/03/2013 10:59:31 PM) (Source: Avira Antivirus) (User: NT-AUTORITƒT) Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() f¸r die Datei C:\Users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpg. [ACCESS_VIOLATION Exception!! EIP = 0x704e8022] Bitte Avira informieren und die obige Datei ¸bersenden! Error: (07/03/2013 10:58:47 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes f¸r "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abh‰ngige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie f¸r eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/03/2013 10:32:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes f¸r "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abh‰ngige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie f¸r eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/03/2013 10:28:36 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes f¸r "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abh‰ngige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie f¸r eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (07/03/2013 10:00:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes f¸r "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abh‰ngige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie f¸r eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: AFD avipbb avkmgr DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv StarOpen tdx Tosrfcom Wanarpv6 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: WebClientWebDav Client Redirector Driver%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%%31 Error: (07/04/2013 09:07:47 PM) (Source: Service Control Manager) (User: ) Description: ArbeitsstationsdienstNetzwerkspeicher-Schnittstellendienst%%1068 
Microsoft Office Sessions: ========================= Error: (07/04/2013 09:00:10 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (07/04/2013 00:03:14 AM) (Source: PerfNet)(User: ) Description: Error: (07/04/2013 00:03:14 AM) (Source: PerfNet)(User: ) Description: Error: (07/04/2013 00:03:14 AM) (Source: Perflib)(User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (07/04/2013 00:03:14 AM) (Source: Perflib)(User: ) Description: BITSC:\Windows\system32\bitsperf.dll4 Error: (07/03/2013 10:59:31 PM) (Source: Avira Antivirus)(User: NT-AUTORITƒT) Description: C:\Users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpgACCESS_VIOLATION0x704e8022AVEPROC_TestFile() Error: (07/03/2013 10:58:47 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (07/03/2013 10:32:57 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (07/03/2013 10:28:36 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe Error: (07/03/2013 10:00:03 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe CodeIntegrity Errors: =================================== Date: 2013-01-05 00:05:27.108 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes 
auf dem System nicht gefunden wurde. Date: 2013-01-05 00:05:26.740 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:05:26.382 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:05:26.022 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:04:18.296 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:04:17.945 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:04:17.594 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-05 00:04:17.235 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-01-04 19:06:11.510 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-04 19:06:11.115 Description: Die Abbildintegrit‰t der Datei "\Device\HarddiskVolume1\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll" konnte nicht ¸berpr¸ft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 2045.7 MB Available physical RAM: 1630.68 MB Total Pagefile: 4326.7 MB Available Pagefile: 4090.13 MB Total Virtual: 2047.88 MB Available Virtual: 1937.91 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:212.88 GB) (Free:23.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:10.07 GB) FAT32 Drive g: (†††††††††††) (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EAF9E588) Partition 1: (Active) - (Size=213 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ======================================================== Disk: 2 (Size: 250 MB) (Disk ID: 98698802) Partition 1: (Active) - (Size=250 MB) - (Type=06) ==================== End Of Log ============================ |
05.07.2013, 07:32 | #4 |
/// the machine /// TB Trainer | GVU virus on my computer (Windows Vista) Fix with FRST Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ShortcutTarget: regmonstd.lnk -> C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll (ggggggggggggggggggggggggggg) C:\ProgramData\ezsid.dat
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.07.2013, 20:14 | #5 |
| GVU virus on my computer (Windows Vista) Hello Schrauber, attached is the fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013 Ran by Stefan at 2013-07-05 21:10:15 Run:1 Running from G:\ Boot Mode: Safe Mode (minimal) ============================================== C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully. C:\Users\Stefan\AppData\Local\Temp\wpbt0.dll => Moved successfully. C:\ProgramData\ezsid.dat => Moved successfully. ==== End of Fixlog ==== Stefan |
06.07.2013, 08:47 | #6 |
/// the machine /// TB Trainer | GVU virus on my computer (Windows Vista) Does it boot normally?
|
06.07.2013, 10:41 | #7 |
| GVU virus on my computer (Windows Vista) Yes, it works. Thanks!!! |
06.07.2013, 10:42 | #8 |
/// the machine /// TB Trainer | GVU virus on my computer (Windows Vista) Now run control scans in normal Windows. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
System scan with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
|
06.07.2013, 12:12 | #9 |
| GVU virus on my computer (Windows Vista) OK, attached are the files. AdwCleaner Code:
ATTFilter # AdwCleaner v2.304 - Datei am 06/07/2013 um 12:46:26 erstellt # Aktualisiert am 03/07/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Stefan - STEFAN-PC # Bootmodus : Normal # Ausgef¸hrt unter : C:\Users\Stefan\Desktop\adwcleaner.exe # Option [Lˆschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelˆscht : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\searchplugins\Askcom.xml Ordner Gelˆscht : C:\Program Files\Ask.com Ordner Gelˆscht : C:\ProgramData\Ask Ordner Gelˆscht : C:\Users\Mila\AppData\Local\APN Ordner Gelˆscht : C:\Users\Mila\AppData\Local\Temp\boost_interprocess Ordner Gelˆscht : C:\Users\Mila\AppData\LocalLow\AskToolbar Ordner Gelˆscht : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\extensions\toolbar@ask.com Ordner Gelˆscht : C:\Users\Stefan\AppData\Local\Temp\boost_interprocess Ordner Gelˆscht : C:\Users\Stefan\AppData\LocalLow\AskToolbar Ordner Gelˆscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schl¸ssel Gelˆscht : HKCU\Software\APN Schl¸ssel Gelˆscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schl¸ssel Gelˆscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schl¸ssel Gelˆscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schl¸ssel Gelˆscht : HKLM\Software\APN Schl¸ssel Gelˆscht : HKLM\Software\AskToolbar Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schl¸ssel Gelˆscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16490 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\cwflsnih.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_18.0.1"); Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "^U3"); Gelöscht : user_pref("extensions.asktb.config-updated", false); Gelöscht : user_pref("extensions.asktb.cr-o", "100000027cr"); Gelöscht : user_pref("extensions.asktb.crumb", "2013.02.17+13.19.45-toolbar004iad-DE-Q29sb2duZSxHZXJtYW55"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] Gelöscht : user_pref("extensions.asktb.displaybehavior", ""); Gelöscht : user_pref("extensions.asktb.displaytext", ""); Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE"); Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0018"); Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("extensions.asktb.ff19-config-first-run", "true"); Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.guid", "91F0A156-3958-4D36-A101-AFE7B0477E76"); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] 
Gelöscht : user_pref("extensions.asktb.if", "su"); Gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1372140510602"); Gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1372170742778"); Gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Gelöscht : user_pref("extensions.asktb.location", "Cologne,Germany"); Gelöscht : user_pref("extensions.asktb.lstation", ""); Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true); Gelöscht : user_pref("extensions.asktb.news-native-on", true); Gelöscht : user_pref("extensions.asktb.o", "100000027"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.pstate", ""); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "20"); Gelöscht : user_pref("extensions.asktb.sa", "YES"); Gelöscht : user_pref("extensions.asktb.saguid", "49C9EAEF-1377-425D-A636-6DC736323C6D"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gelöscht : user_pref("extensions.asktb.socialmini-first", true); Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000"); Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false); Gelöscht : user_pref("extensions.asktb.themeid", ""); Gelöscht : user_pref("extensions.asktb.timeinstalled", "20.06.2013 10:51:34"); Gelöscht : user_pref("extensions.asktb.to", ""); Gelöscht : 
user_pref("extensions.asktb.v", "3.15.25.100013"); Gelöscht : user_pref("extensions.asktb.version", "5.15.25.36191"); Gelöscht : user_pref("extensions.asktb.volume", ""); Gelöscht : user_pref("extensions.enabledAddons", "%7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6,%7BEF522540-[...] Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); ************************* AdwCleaner[S1].txt - [11946 octets] - [06/07/2013 12:46:26] ########## EOF - C:\AdwCleaner[S1].txt - [12007 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Stefan on 06.07.2013 at 12:55:18,32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 ~~~ Files Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\install.res.1031.dll ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\coddo3g4.default\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.07.2013 at 12:58:43,21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Stefan (administrator) on 06-07-2013 13:02:45 Running from C:\Users\Stefan\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (Cyberlink Corp.) 
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (CASIO COMPUTER CO.,LTD.) C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) 
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.) HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG) HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink) HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] () HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.) 
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [Skytel] Skytel.exe [x] HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google) HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( ) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.) HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google) HKLM\...\Run: [] [x] HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x] HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x] HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG) HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.) 
HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation) HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x] HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH) HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation) HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.) HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/ SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll () BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default FF SelectedSearchEngine: Ecosia FF Homepage: hxxp://www.arfo-fototeam.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter 
========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG) R2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin) S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin) R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH) S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google) S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.) R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH) S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH) R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG) R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation) S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation) S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation) S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation) S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation) S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation) S3 s3017obex; 
C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation) S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] () S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-06 13:02 - 2013-07-04 07:34 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe 2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt 2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT 2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT 2013-07-06 12:52 - 2013-05-07 00:34 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Stefan\Desktop\JRT.exe 2013-07-06 12:46 - 2013-07-06 12:47 - 00012077 ____A C:\AdwCleaner[S1].txt 2013-07-06 12:45 - 2013-07-06 12:34 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe 2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST 2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log 2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable 2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira 2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira 2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe 2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks 2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-20 10:02 - 
2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-20 09:28 - 2013-04-24 03:46 - 
00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys 2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys ==================== One Month Modified Files and Folders ======== 2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt 2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT 2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT 2013-07-06 12:50 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001 2013-07-06 12:50 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-06 12:49 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-06 12:48 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-06 12:48 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-06 12:48 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-06 12:48 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-06 12:47 - 2013-07-06 12:46 - 00012077 ____A C:\AdwCleaner[S1].txt 2013-07-06 12:47 - 2008-01-21 11:27 - 01664172 ____A C:\Windows\WindowsUpdate.log 2013-07-06 12:47 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat 2013-07-06 12:34 - 2013-07-06 12:45 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe 2013-07-05 21:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash 
Player Updater.job 2013-07-05 21:00 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype 2013-07-05 20:58 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001 2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST 2013-07-04 07:34 - 2013-07-06 13:02 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe 2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log 2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable 2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan 2013-07-03 23:00 - 2006-11-02 12:33 - 01481284 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google 2013-07-03 22:21 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira 2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log 2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila 2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira 2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira 2013-06-25 09:18 - 2008-04-27 13:33 - 00000000 ____D C:\Program Files\Avira 2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys 2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe 2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson 2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG 2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java 2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks 2013-06-25 
07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks 2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll 2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real 2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real 2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll 2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll 2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll 2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google 2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini 2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys 2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys 2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 
is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-06 12:55 ==================== End Of Log ============================ Best regards, Stefan |
06.07.2013, 14:57 | #10 |
/// the machine /// TB-Ausbilder | GVU virus on my computer (Windows Vista) Great, one online scan and we're done. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.07.2013, 11:36 | #11 |
| GVU virus on my computer (Windows Vista) Hello Schrauber, many thanks already for your help so far. http://www.trojaner-board.de/images/...ankeschoen.gif Attached are the requested files: log.txt Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-14 12:44:29 # local_time=2012-10-14 02:44:29 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 317185 125105090 392201 0 # compatibility_mode=5892 16776573 100 100 86904 187741254 0 0 # compatibility_mode=8192 67108863 100 0 936 936 0 0 # scanned=269068 # found=1 # cleaned=1 # scan_time=10143 C:\Users\Mila\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee # engine=14295 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-06 11:10:39 # local_time=2013-07-07 01:10:39 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 22450 195056478 15220 0 # compatibility_mode=5892 16776574 100 100 1008580 210684967 0 0 # scanned=279490 # found=2 # cleaned=0 # scan_time=20220 sh=59BB948DF73BD1F9F81FEC67025F00B27BAFBB1C ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\regmonstd.lnk" sh=82BD5E86545D3918F85B19C4E4D06B20B95C0016 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\0tbpw.js" ESETSmartInstaller@High as downloader log: all ok # 
version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=46ea2c5bbac6fb4c854dc55be0278eee # engine=14298 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-07 09:55:43 # local_time=2013-07-07 11:55:43 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 61154 195095182 10753 0 # compatibility_mode=5892 16776574 100 100 1047284 210723671 0 0 # scanned=279376 # found=3 # cleaned=0 # scan_time=10549 sh=59BB948DF73BD1F9F81FEC67025F00B27BAFBB1C ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\regmonstd.lnk" sh=174E7CB4B66A24DE50143DDCD0AA7FE95BFED768 ft=1 fh=ec8c3725fec6f2e1 vn="a variant of Win32/Kryptik.BEYE trojan" ac=I fn="C:\FRST\Quarantine\wpbt0.dll" sh=82BD5E86545D3918F85B19C4E4D06B20B95C0016 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\0tbpw.js" Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x86 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 25 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! Mozilla Thunderbird (3.1.20) Thunderbird out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Stefan (administrator) on 07-07-2013 12:27:55 Running from C:\Users\Stefan\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (Cyberlink Corp.) C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (CASIO COMPUTER CO.,LTD.) C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (TOSHIBA CORPORATION.) 
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-05] (Synaptics, Inc.) HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG) HKLM\...\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" [128296 2007-10-17] (CyberLink) HKLM\...\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [71216 2007-02-09] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [52256 2007-01-08] () HKLM\...\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" [222504 2007-09-13] (CyberLink Corp.) 
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [Skytel] Skytel.exe [x] HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [220160 2007-12-14] (Google) HKLM\...\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( ) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [286720 2007-06-29] (Apple Inc.) HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8501792 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-24] (NVIDIA Corporation) HKLM\...\Run: [TrayServer] C:\PROGRA~1\MAGIX\FILME_~1\TrayServer.exe [90112 2008-01-17] (MAGIX AG) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated) HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-12-11] (Google) HKLM\...\Run: [] [x] HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-25] (RealNetworks, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-03] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [x] HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x] HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [202024 2007-10-15] (Nero AG) HKCU\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_SD1B.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Windows\TEMP\E_S2636.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-01] (Google Inc.) 
HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKU\Mila\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation) HKU\Mila\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x] HKU\Mila\...\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide [ 2009-04-17] (WEB.DE GmbH) HKU\Mila\...\Run: [Epson Stylus SX610FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_S690E.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Mila\...\Run: [EPSON SX610FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE /FU "C:\Users\Mila\AppData\Local\Temp\E_SE899.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Mila\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation) HKU\Mila\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.) HKU\Mila\...\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background [ 2013-05-29] (Sony) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk ShortcutTarget: YouTube Uploader for CASIO.lnk -> C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe (CASIO COMPUTER CO.,LTD.) Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/freenet/ SearchScopes: HKCU - {657DF0D1-258C-4bea-8C18-1EAAB431E726} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=ie BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Ecosia Class - {7EE976C4-7B1F-47f5-8521-4527C905F3BB} - C:\Program Files\Ecosia\ecosia.dll () BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default FF SelectedSearchEngine: Ecosia FF Homepage: hxxp://www.arfo-fototeam.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\coddo3g4.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter 
========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG) R2 AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin) S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin) R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH) S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-12-14] (Google) S2 gupdate1ca8e1824096050; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-05] (Google Inc.) R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH) S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-07-02] (Protect Software GmbH) R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-03-01] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-25] (Avira Operations GmbH & Co. KG) R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [131584 2007-06-26] (Genesys Logic, Inc.) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation) S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation) S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation) S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation) S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation) S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation) S3 s3017obex; 
C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation) S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-25] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-01-01] () S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-25] (eMPIA Technology, Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 12:21 - 2013-07-06 18:06 - 00890988 ____A C:\Users\Stefan\Desktop\SecurityCheck.exe 2013-07-06 18:09 - 2013-04-04 14:07 - 02347384 ____A (ESET) C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe 2013-07-06 13:02 - 2013-07-04 07:34 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe 2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt 2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT 2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT 2013-07-06 12:52 - 2013-05-07 00:34 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Stefan\Desktop\JRT.exe 2013-07-06 12:46 - 2013-07-06 12:47 - 00012077 ____A C:\AdwCleaner[S1].txt 2013-07-06 12:45 - 2013-07-06 12:34 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe 2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST 2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log 2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable 2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira 2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira 2013-06-25 09:18 - 2013-06-25 09:09 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-25 09:18 - 2013-06-25 09:09 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-25 09:18 - 2013-06-25 09:09 - 00037352 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe 2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-25 08:00 - 2013-06-25 08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks 2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-06-20 10:02 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-20 10:02 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-20 10:02 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-20 10:02 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-20 10:02 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-20 10:02 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-20 10:02 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-20 10:02 - 
2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-20 10:02 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-20 10:02 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-20 10:02 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-20 10:02 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-20 10:02 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-20 10:02 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-20 10:02 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-20 10:02 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-20 09:28 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-20 09:28 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-20 09:28 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-20 09:28 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-20 09:28 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-20 09:28 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-20 09:28 - 2013-04-24 03:46 - 
00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-20 09:27 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys 2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys ==================== One Month Modified Files and Folders ======== 2013-07-07 12:17 - 2013-02-17 19:11 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-07 12:04 - 2012-06-12 07:56 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-07 11:22 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:22 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:17 - 2013-02-17 19:11 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-07 09:55 - 2008-01-21 11:27 - 01735871 ____A C:\Windows\WindowsUpdate.log 2013-07-07 08:49 - 2008-02-04 13:44 - 00155166 ____A C:\Users\Stefan\AppData\Roaming\nvModes.001 2013-07-07 03:24 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-07-07 03:22 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 03:20 - 2007-11-30 17:27 - 00000012 ____A C:\Windows\bthservsdp.dat 2013-07-07 03:20 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-07 03:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-07 03:02 - 2006-11-02 12:33 - 01505388 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-06 20:00 - 2010-02-15 21:00 - 00000242 ____A C:\Windows\Tasks\Epson Printer Software 
Downloader.job 2013-07-06 18:06 - 2013-07-07 12:21 - 00890988 ____A C:\Users\Stefan\Desktop\SecurityCheck.exe 2013-07-06 12:58 - 2013-07-06 12:58 - 00001002 ____A C:\Users\Stefan\Desktop\JRT.txt 2013-07-06 12:55 - 2013-07-06 12:55 - 00000000 ____D C:\Windows\ERUNT 2013-07-06 12:54 - 2013-07-06 12:54 - 00000000 ____D C:\JRT 2013-07-06 12:47 - 2013-07-06 12:46 - 00012077 ____A C:\AdwCleaner[S1].txt 2013-07-06 12:34 - 2013-07-06 12:45 - 00650027 ____A C:\Users\Stefan\Desktop\adwcleaner.exe 2013-07-05 21:00 - 2008-01-22 12:05 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Skype 2013-07-05 20:58 - 2008-01-22 10:27 - 00054932 ____A C:\Users\Mila\AppData\Roaming\nvModes.001 2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\FRST 2013-07-04 07:34 - 2013-07-06 13:02 - 01373373 ____A (Farbar) C:\Users\Stefan\Desktop\FRST.exe 2013-07-03 23:22 - 2013-07-03 23:22 - 00000474 ____A C:\Windows\System32\defogger_disable.log 2013-07-03 23:22 - 2013-07-03 23:22 - 00000000 ____A C:\Users\Stefan\defogger_reenable 2013-07-03 23:22 - 2008-01-21 21:35 - 00000000 ____D C:\users\Stefan 2013-07-03 22:28 - 2008-01-21 21:35 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google 2013-07-03 22:09 - 2013-07-03 22:09 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Avira 2013-06-25 16:16 - 2013-01-01 22:16 - 00159648 ____A C:\Windows\PFRO.log 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf 2013-06-25 09:55 - 2013-06-25 09:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf 2013-06-25 09:55 - 2013-01-03 19:40 - 00004983 ____A C:\Windows\setupact.log 2013-06-25 09:38 - 2008-01-21 11:28 - 00000000 ___AD C:\users\Mila 2013-06-25 09:24 - 2013-06-25 09:24 - 00000000 ____D C:\Users\Mila\AppData\Roaming\Avira 2013-06-25 09:19 - 2013-06-25 09:19 - 00001851 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-25 09:18 - 2013-06-25 09:18 - 00000000 ____D C:\ProgramData\Avira 2013-06-25 09:18 - 2008-04-27 13:33 
- 00000000 ____D C:\Program Files\Avira 2013-06-25 09:09 - 2013-06-25 09:18 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-25 09:09 - 2013-06-25 09:18 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-25 09:09 - 2013-06-25 09:18 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-25 09:09 - 2008-04-27 13:33 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys 2013-06-25 09:07 - 2013-06-25 09:07 - 02092792 ____A C:\Users\Mila\Downloads\avira_free_antivirus.exe 2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-25 08:48 - 2008-11-06 12:24 - 00000000 ____D C:\Program Files\Sony Ericsson 2013-06-25 08:42 - 2013-02-11 20:01 - 00575436 ____A C:\Windows\DPINST.LOG 2013-06-25 08:40 - 2013-06-25 08:40 - 00001883 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-25 08:39 - 2007-11-30 17:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-25 08:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-25 08:07 - 2013-06-25 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-25 08:07 - 2013-06-25 08:07 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-25 08:07 - 2012-10-14 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-25 08:07 - 2011-05-08 21:45 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-25 08:07 - 2007-12-04 10:17 - 00000000 ____D C:\Program Files\Java 2013-06-25 08:00 - 2013-06-25 
08:00 - 00000000 ____D C:\Users\Mila\AppData\Roaming\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000937 ____A C:\Users\Public\Desktop\RealPlayer.lnk 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\ProgramData\RealNetworks 2013-06-25 07:59 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\RealNetworks 2013-06-25 07:58 - 2013-06-25 07:58 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-06-25 07:58 - 2013-02-15 09:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll 2013-06-25 07:58 - 2009-12-29 18:41 - 00000000 ____D C:\ProgramData\Real 2013-06-25 07:58 - 2008-05-04 08:20 - 00000000 ____D C:\Program Files\Real 2013-06-25 07:57 - 2013-02-15 09:16 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll 2013-06-25 07:57 - 2013-02-15 09:16 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll 2013-06-25 07:57 - 2013-02-15 09:16 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll 2013-06-25 07:53 - 2008-01-21 11:28 - 00000000 ____D C:\Users\Mila\AppData\Local\Google 2013-06-20 10:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-20 10:02 - 2006-11-02 12:23 - 00000240 ____A C:\Windows\win.ini 2013-06-20 09:54 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-20 09:24 - 2013-06-20 09:24 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll 2013-06-20 09:24 - 2013-06-20 09:24 - 00025200 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys 2013-06-20 09:24 - 2013-06-20 09:24 - 00012400 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys 2013-06-20 09:05 - 2012-06-12 07:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-20 09:05 - 2012-01-24 22:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap 
Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-07 03:37 ==================== End Of Log ============================
Best regards, Stefan |
07.07.2013, 12:36 | #12 |
/// the machine /// TB Trainer | GVU virus on my computer (Windows Vista) Update Flash, Adobe, Firefox and Thunderbird. Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.07.2013, 15:24 | #13 |
| GVU virus on my computer (Windows Vista) Hello Schrauber, I have now run TFC. What happens next? Best regards, Stefan |
07.07.2013, 18:38 | #14 |
/// the machine /// TB Trainer | GVU virus on my computer (Windows Vista) Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.07.2013, 21:11 | #15 |
| GVU virus on my computer (Windows Vista) Hello Schrauber, once again many, many thanks for your help!!! I have done everything and everything seems to be running again. Best regards, Stefan |