| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Webseite bizcoaching öffnet sich ständig ungefragtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.07.2013, 09:13
| #16 |
 |  Webseite bizcoaching öffnet sich ständig ungefragt Hallo, entschuldigen Sie dass ich mich nicht mehr gemeldet habe, aber mir ging es zu schlecht ich habe Urlaub vorm Computer gemacht...hier das frische FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Dust (administrator) on 08-07-2013 10:11:26
Running from C:\allewebprojekte
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
() C:\Dokumente und Einstellungen\Dust\ceegaix.exe
() c:\dokumente und einstellungen\dust\anwendungsdaten\wmprwise.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\RECYCLER\S-1-5-18\$d6f0497ef4d323fcbc4a52237e3baa9b\o. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKCU\...\Run: [ceegaix] C:\Dokumente und Einstellungen\Dust\ceegaix.exe /w [86016 2013-07-06] ()
HKCU\...\Run: [Microsoft Firewall 2.9] C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\WMPRWISE.EXE [160389 2013-07-06] ()
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1275210071-926492609-682003330-1004\$d6f0497ef4d323fcbc4a52237e3baa9b\o. ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 21 C:\Programme\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SpeedAnalysis.com - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-09] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-14] (Autodesk)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-07-18] (Macrovision Europe Ltd.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 syshost32; C:\WINDOWS\Installer\{AA4EC929-9F4C-F92F-E21B-A65FC2029741}\syshost.exe [55296 2013-07-06] ()
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 IntelIde; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-06 18:33 - 2013-07-06 18:33 - 00060928 ____A C:\Windows\System32\Drivers\5b1c0562b57cda28.sys
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:45 - 2013-07-06 12:33 - 00000000 ____D C:\JRT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:57 - 2013-07-05 14:58 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:55 - 2013-07-05 14:56 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 12:55 - 2013-07-05 12:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-05 10:31 - 2013-07-05 15:00 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 10:31 - 2013-07-05 15:00 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 10:31 - 2013-07-05 14:59 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 10:30 - 2013-07-05 14:58 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 10:30 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-07-05 10:29 - 2013-07-05 14:55 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:11 - 2013-07-04 22:13 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:53 - 2013-07-04 22:13 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2008-04-14 07:51 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\Windows\System32\dllcache\sl_anet.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msaud32.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\dllcache\l3codeca.acm
2013-07-04 21:52 - 2007-06-26 11:30 - 00572557 ____C C:\Windows\System32\dllcache\rtuner.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00457607 ____C C:\Windows\System32\dllcache\mdlib.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00381425 ____C C:\Windows\System32\dllcache\copycd.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00375519 ____C C:\Windows\System32\dllcache\nuskin.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00354468 ____C C:\Windows\System32\dllcache\wmpaud1.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud7.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud6.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00300969 ____C C:\Windows\System32\dllcache\viz.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud9.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud8.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud3.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086196 ____C C:\Windows\System32\dllcache\wmpaud5.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud4.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud2.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00022060 ____C C:\Windows\System32\dllcache\npds.zip
2013-07-04 21:52 - 2007-06-26 11:30 - 00010457 ____C C:\Windows\System32\dllcache\wmptour.hta
2013-07-04 21:52 - 2007-06-26 11:30 - 00009585 ____C C:\Windows\System32\dllcache\controls.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00008298 ____C C:\Windows\System32\dllcache\contents.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00006878 ____C C:\Windows\System32\dllcache\controls.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00005971 ____C C:\Windows\System32\dllcache\events.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00003187 ____C C:\Windows\System32\dllcache\tour.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00001771 ____C C:\Windows\System32\dllcache\wmptour.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00001148 ____C C:\Windows\System32\dllcache\snd.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00000420 ____C C:\Windows\System32\dllcache\wmploc.js
2013-07-04 21:52 - 2007-06-26 11:29 - 00097117 ____C C:\Windows\System32\dllcache\mplayer2.hlp
2013-07-04 21:52 - 2007-06-26 11:29 - 00001885 ____C C:\Windows\System32\dllcache\mplayer2.cnt
2013-07-04 21:52 - 2007-06-26 11:26 - 00000403 ____C C:\Windows\System32\dllcache\npdrmv2.zip
2013-07-04 21:52 - 2007-02-21 10:45 - 00076456 ____C C:\Windows\System32\dllcache\wmplayer.adm
2013-07-04 21:52 - 2007-02-21 10:36 - 00026141 ____C C:\Windows\System32\dllcache\wmplay.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00660224 ____C C:\Windows\System32\dllcache\wmplayer.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00184109 ____C C:\Windows\System32\dllcache\compact.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00084531 ____C C:\Windows\System32\dllcache\plyr_err.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00066132 ____C C:\Windows\System32\dllcache\revert.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00001476 ____C C:\Windows\System32\dllcache\plylst5.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst6.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst12.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001469 ____C C:\Windows\System32\dllcache\plylst3.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001467 ____C C:\Windows\System32\dllcache\plylst4.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001261 ____C C:\Windows\System32\dllcache\plylst1.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001055 ____C C:\Windows\System32\dllcache\plylst2.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001047 ____C C:\Windows\System32\dllcache\plylst7.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001038 ____C C:\Windows\System32\dllcache\plylst8.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000807 ____C C:\Windows\System32\dllcache\plylst11.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000800 ____C C:\Windows\System32\dllcache\plylst10.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000782 ____C C:\Windows\System32\dllcache\plylst9.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000779 ____C C:\Windows\System32\dllcache\plylst13.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000778 ____C C:\Windows\System32\dllcache\plylst14.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000725 ____C C:\Windows\System32\dllcache\plylst15.wpl
2013-07-04 21:49 - 2008-04-14 07:53 - 00278559 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmv8ds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00258048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmvds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msscds32.ax
2013-07-04 21:49 - 2008-04-14 07:52 - 00303616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmstream.dll
2013-07-04 21:49 - 2008-04-14 07:52 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlimport.exe
2013-07-04 21:49 - 2008-04-14 07:51 - 00847898 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxm.ocx
2013-07-04 21:49 - 2008-04-14 07:51 - 00004126 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxmlc.dll
2013-07-04 21:48 - 2013-07-05 15:00 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00059069 ____A C:\Windows\ocgen.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00046238 ____A C:\Windows\tsoc.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00038302 ____A C:\Windows\comsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00018674 ____A C:\Windows\iis6.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-04 21:48 - 2013-07-05 14:58 - 00014614 ____A C:\Windows\updspapi.log
2013-07-04 21:48 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\004243_.tmp
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-05 22:50 - 00000060 ____A C:\Windows\setupact.log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:41 - 2013-07-05 15:00 - 00039520 ____A C:\Windows\setupapi.log
2013-07-04 21:41 - 2013-07-04 22:08 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-04 13:37 - 2013-07-04 21:56 - 00034059 ____A C:\Windows\KB956744.log
==================== One Month Modified Files and Folders ========
2013-07-08 10:11 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte
2013-07-08 09:54 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log
2013-07-08 09:53 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml
2013-07-08 09:52 - 2010-02-02 12:22 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 09:52 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 09:52 - 2009-03-04 13:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-08 09:52 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-08 09:52 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-07-06 19:42 - 2010-02-08 13:58 - 02084926 ____A C:\Windows\WindowsUpdate.log
2013-07-06 19:42 - 2010-02-02 12:22 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 19:42 - 2009-03-04 13:34 - 00032610 ____A C:\Windows\SchedLgU.Txt
2013-07-06 19:27 - 2012-04-09 12:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 19:18 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme
2013-07-06 18:38 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData
2013-07-06 18:34 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration
2013-07-06 18:33 - 2013-07-06 18:33 - 00060928 ____A C:\Windows\System32\Drivers\5b1c0562b57cda28.sys
2013-07-06 12:33 - 2013-07-05 21:45 - 00000000 ____D C:\JRT
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 22:50 - 2013-07-04 21:42 - 00000060 ____A C:\Windows\setupact.log
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 21:06 - 2009-03-04 14:14 - 00000211 _RASH C:\boot.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000664 ____A C:\Windows\win.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000227 ____A C:\Windows\system.ini
2013-07-05 19:37 - 2009-05-15 19:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:14 - 2009-03-04 13:15 - 01594864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 15:03 - 2009-03-04 13:18 - 01279496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 15:00 - 2013-07-05 10:31 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 15:00 - 2013-07-05 10:31 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00059069 ____A C:\Windows\ocgen.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00046238 ____A C:\Windows\tsoc.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00038302 ____A C:\Windows\comsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00018674 ____A C:\Windows\iis6.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 15:00 - 2013-07-04 21:41 - 00039520 ____A C:\Windows\setupapi.log
2013-07-05 15:00 - 2009-03-04 14:25 - 00253254 ____A C:\Windows\System32\TZLog.log
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:59 - 2013-07-05 10:31 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:58 - 2013-07-05 14:57 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:58 - 2013-07-05 10:30 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 14:58 - 2013-07-04 21:48 - 00014614 ____A C:\Windows\updspapi.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:57 - 2013-07-05 10:30 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 14:57 - 2009-03-04 14:19 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:56 - 2013-07-05 14:55 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 14:55 - 2013-07-05 10:29 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-05 14:55 - 2009-09-12 12:09 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 12:57 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:13 - 2013-07-04 22:11 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:13 - 2013-07-04 21:53 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 22:13 - 2009-03-04 13:31 - 00316640 ____A C:\Windows\WMSysPr9.prx
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 22:11 - 2012-12-05 13:41 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-07-04 22:09 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\security
2013-07-04 22:08 - 2013-07-04 21:41 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:56 - 2013-07-04 13:37 - 00034059 ____A C:\Windows\KB956744.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\PeerNet
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Help
2013-07-04 21:49 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\System32\usmt
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\System32\Restore
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\srchasst
2013-07-04 21:48 - 2012-12-05 11:51 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-07-04 21:48 - 2009-03-04 13:41 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:16 - 2009-07-28 17:51 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 21:14 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Provisioning
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-03 13:47 - 2013-03-08 15:19 - 00000000 ____D C:\vue
2013-06-13 10:27 - 2012-04-09 12:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 10:27 - 2011-12-28 17:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 21:10 - 2012-12-18 12:10 - 00000000 ____D C:\canopy
2013-06-08 21:00 - 2012-09-12 12:44 - 00000000 ____D C:\dänemark0912
ZeroAccess:
C:\RECYCLER\S-1-5-21-1275210071-926492609-682003330-1004\$d6f0497ef4d323fcbc4a52237e3baa9b
ZeroAccess:
C:\RECYCLER\S-1-5-18\$d6f0497ef4d323fcbc4a52237e3baa9b
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
|
|
08.07.2013, 09:38
| #17 |
| /// the machine /// TB-Ausbilder    | Webseite bizcoaching öffnet sich ständig ungefragtCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ |
|
08.07.2013, 10:06
| #18 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, hier die gewünschte Datei, es wurde eine Infektion gefunden habe ich zwischenzeitig gelesen:
__________________Combofix Logfile: Code:
ATTFilter ComboFix 13-07-08.02 - Dust 08.07.2013 10:54:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1393 [GMT 2:00]
ausgeführt von:: c:\allewebprojekte\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\8ed1dc61-0202-0000-fb05-000087371d04\8ed1dc61-0202-0000-fb05-000087371d04.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Dust\49572.exe
c:\dokumente und einstellungen\Dust\Anwendungsdaten\desktop.ini
c:\dokumente und einstellungen\Dust\Anwendungsdaten\ntuser.dat
c:\dokumente und einstellungen\Dust\Anwendungsdaten\WMPRWISE.EXE
c:\dokumente und einstellungen\Dust\ceegaix.exe
c:\dokumente und einstellungen\Dust\WINDOWS
c:\programme\100_226_DJ_SF_03_D1500_Full_NonNet_deu.exe
c:\programme\chrome_installer_27.0.1453.116.exe
c:\programme\cjb2300GE.exe
c:\programme\SoftonicDownloader_fuer_c-builder-2010-architect.exe
c:\windows\IsUn0407.exe
c:\windows\system32\aosmtp.dll
c:\windows\system32\drivers\5b1c0562b57cda28.sys
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
Infizierte Kopie von c:\windows\system32\Version.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\version.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Service_syshost32
-------\Legacy_5b1c0562b57cda28
-------\Service_5b1c0562b57cda28
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-06 16:38 . 2013-07-08 08:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\8ed1dc61-0202-0000-fb05-000087371d04
2013-07-06 12:16 . 2013-07-06 12:16 -------- d-----w- c:\programme\ESET
2013-07-06 09:19 . 2013-07-06 09:19 -------- d-----w- C:\FRST
2013-07-05 19:46 . 2013-07-05 19:46 -------- d-----w- c:\windows\ERUNT
2013-07-05 19:45 . 2013-07-06 10:33 -------- d-----w- C:\JRT
2013-07-05 08:30 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-07-04 19:52 . 2007-03-28 16:27 908504 ------w- c:\programme\MSN\MSNCoreFiles\Install\msnsusii.exe
2013-07-04 19:52 . 2007-03-28 16:25 888808 ------w- c:\programme\MSN\MSNCoreFiles\Install\MSN9Components\digcore.exe
2013-07-04 19:52 . 2007-03-28 16:26 11089384 ------w- c:\programme\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2013-07-04 19:52 . 2013-07-04 19:52 -------- d-----w- c:\windows\system32\bits
2013-07-04 19:49 . 2008-04-14 05:52 294912 ------w- c:\programme\Windows Media Player\dlimport.exe
2013-07-04 19:49 . 2008-04-14 05:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-07-04 19:49 . 2008-04-14 05:51 4126 -c----w- c:\windows\system32\dllcache\msdxmlc.dll
2013-07-04 19:49 . 2008-04-14 05:52 303616 -c----w- c:\windows\system32\dllcache\wmstream.dll
2013-07-04 19:48 . 2006-12-28 22:31 19569 ----a-w- c:\windows\004243_.tmp
2013-07-04 19:03 . 2013-07-04 19:03 -------- d-----w- c:\dokumente und einstellungen\Dust\Anwendungsdaten\Malwarebytes
2013-07-04 19:03 . 2013-07-04 19:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-07-04 18:19 . 2013-07-04 18:19 -------- d-----w- c:\dokumente und einstellungen\Dust\Anwendungsdaten\TeamViewer
2013-07-04 09:06 . 2013-07-04 09:22 -------- d-----w- c:\dokumente und einstellungen\Dust\Anwendungsdaten\Vidalia
2013-07-03 20:47 . 2013-07-03 20:47 -------- d-----w- c:\programme\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:27 . 2012-04-09 10:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-13 08:27 . 2011-12-28 15:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:28 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:28 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:28 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2008-04-14 12:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2008-04-14 07:30 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:00 . 2008-04-14 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 16:22 . 2011-04-16 16:22 885024 ----a-w- c:\programme\jre-6u24-windows-i586-iftw.exe
2011-04-14 10:48 . 2011-04-14 10:48 1029000 ----a-w- c:\programme\SkypeSetup.exe
2010-11-18 10:02 . 2009-11-28 19:23 44151368 ----a-w- c:\programme\avira_antivir_personal_de.exe
2010-10-27 09:01 . 2010-10-27 09:01 2288616 ----a-w- c:\programme\ParetoLogic FileCure.exe
2010-10-07 10:14 . 2010-10-07 10:13 327168 ----a-w- c:\programme\Facemoods.exe
2010-07-07 09:27 . 2010-02-11 09:33 28534656 ----a-w- c:\programme\AdbeRdr930_de_DE.exe
2010-05-04 14:28 . 2010-05-04 14:28 4076719 ----a-w- c:\programme\FileZilla_3.2.7.1_win32-setup.exe
2010-01-03 14:45 . 2010-01-03 14:45 2470416 ----a-w- c:\programme\ParetoLogic FileCure_ifo_.exe
2010-01-03 14:44 . 2010-01-03 14:44 2470416 ----a-w- c:\programme\ParetoLogic FileCure_bup_.exe
2009-11-28 19:20 . 2009-11-28 19:20 31066056 ----a-w- c:\programme\avira_antivir_personal415_de.exe
2009-10-17 11:31 . 2009-10-17 11:31 28565216 ----a-w- c:\programme\AdbeRdr920_de_DE.exe
2009-07-21 18:39 . 2009-04-16 15:14 18699392 ----a-w- c:\programme\setupDE.exe
2009-05-15 17:51 . 2009-05-15 17:51 3485376 ----a-w- c:\programme\PhotomatixPro313de.exe
2009-05-14 13:36 . 2009-05-14 13:35 2707968 ----a-w- c:\programme\cooliris-win-iefull-release-1.10.0.25085.en-US.msi
2009-04-17 14:43 . 2009-04-17 14:43 18458240 ----a-w- c:\programme\turbolister.exe
2009-04-16 16:45 . 2009-04-16 16:45 627297 ----a-w- c:\programme\etopelister-install.exe
2009-04-14 16:05 . 2009-04-14 16:05 8862548 ----a-w- c:\programme\rawtherapee23.exe
2009-04-14 15:30 . 2009-04-14 15:30 2063321 ----a-w- c:\programme\ablerawer14_setup.exe
2009-04-08 10:57 . 2009-04-08 10:57 11969419 ----a-w- c:\programme\rawtherapee24rc2.exe
2009-03-19 12:02 . 2009-03-19 12:02 6409944 ----a-w- c:\programme\Install_PDFR_v228.exe
2009-03-11 16:10 . 2009-03-11 16:10 2708156 ----a-w- c:\programme\Apo202b.exe
2009-03-11 16:09 . 2009-03-11 16:09 393042 ----a-w- c:\programme\Apomap1b.exe
2009-03-11 16:09 . 2009-03-11 16:09 596860 ----a-w- c:\programme\Apoph101b.exe
2009-03-07 18:26 . 2009-03-07 18:26 32453152 ----a-w- c:\programme\zoombrowser2.exe
2009-03-07 10:37 . 2009-03-07 10:37 32440072 ----a-w- c:\programme\K690aenx.exe
2009-03-07 10:36 . 2009-03-07 10:36 5055560 ----a-w- c:\programme\zoombrw.exe
2009-03-07 10:35 . 2009-03-07 10:35 5055560 ----a-w- c:\programme\k620cenx.exe
2009-03-07 10:17 . 2009-03-07 10:17 32453152 ----a-w- c:\programme\zoom browser ex.exe
2009-03-07 10:10 . 2009-03-07 10:09 39235584 ----a-w- c:\programme\k4b03dex.exe
2009-03-07 09:59 . 2009-03-07 09:59 32453152 ----a-w- c:\programme\K690adexb.exe
2009-03-06 19:38 . 2009-03-06 19:38 16006800 ----a-w- c:\programme\gimp-2.6.5-i686-setup.exe
2009-03-06 19:36 . 2009-03-06 19:36 47828912 ----a-w- c:\programme\ashampoo_photo_commander_7_710_sm.exe
2009-03-06 19:35 . 2009-03-06 19:35 9934392 ----a-w- c:\programme\picasa3-setup.exe
2009-03-06 19:29 . 2009-03-06 19:29 10473064 ----a-w- c:\programme\fotoworks_setup.exe
2009-03-06 17:11 . 2009-03-06 17:11 393042 ----a-w- c:\programme\Apomap1.exe
2009-03-06 17:11 . 2009-03-06 17:11 596860 ----a-w- c:\programme\Apoph101.exe
2009-03-06 17:10 . 2009-03-06 17:10 2708156 ----a-w- c:\programme\Apo202.exe
2009-03-06 17:05 . 2009-03-06 17:05 5062814 ----a-w- c:\programme\k620cdex.exe
2009-03-06 16:32 . 2009-03-06 16:32 32440072 ----a-w- c:\programme\K690aenxm.exe
2009-03-06 16:27 . 2009-03-06 16:27 32453152 ----a-w- c:\programme\K690adex.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
AutoCAD-Startbeschleuniger.lnk - c:\programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe [2005-3-5 10872]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-15 23:37 57344 ----a-w- c:\programme\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-03-05 14:44 98304 ----a-w- c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2009-01-21 02:59 4033618 ----a-w- c:\programme\Vidalia Bundle\Vidalia\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WajamUpdater"=2 (0x2)
"McComponentHostService"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 TeamViewer8;TeamViewer 8;c:\programme\TeamViewer\Version8\TeamViewer_Service.exe [03.07.2013 22:47 4150112]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 08:27]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 10:22]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 10:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} - hxxp://www.cltnet.de/login/dplaunch.cab
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ceegaix - c:\dokumente und einstellungen\Dust\ceegaix.exe
HKCU-Run-Microsoft Firewall 2.9 - c:\dokumente und einstellungen\Dust\Anwendungsdaten\WMPRWISE.EXE
MSConfigStartUp-Google Update - c:\dokumente und einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-ActiveTouchMeetingClient - c:\dokume~1\Dust\LOKALE~1\ANWEND~1\Google\Chrome\APPLIC~1\plugins\atcliun.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-lyricsmonkey@mendoni.net - c:\programme\LyricsMonkey\uninstall.exe
AddRemove-Schulbuch - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-08 11:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\adsldpc.dll
.
- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-08 11:04:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-08 09:03
.
Vor Suchlauf: 57 Verzeichnis(se), 445.837.434.880 Bytes frei
Nach Suchlauf: 59 Verzeichnis(se), 446.288.142.336 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 74BB33B0C991AF95B53F9A9BBBDAFDDA
72B8CE41AF0DE751C946802B3ED844B4 |
|
08.07.2013, 11:19
| #19 |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragt Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.07.2013, 11:50
| #20 |
| | Webseite bizcoaching öffnet sich ständig ungefragt man oh man, das nimmt ja gar kein Ende, hier die vier gewünschten Dateien:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 08/07/2013 um 12:39:09 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Dust - DUST
# Bootmodus : Normal
# Ausgeführt unter : C:\allewebprojekte\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [30024 octets] - [05/07/2013 21:15:12]
AdwCleaner[S1].txt - [29922 octets] - [05/07/2013 21:16:07]
AdwCleaner[S2].txt - [364 octets] - [06/07/2013 12:20:52]
AdwCleaner[S3].txt - [1478 octets] - [06/07/2013 12:21:16]
AdwCleaner[S4].txt - [1176 octets] - [08/07/2013 12:39:09]
########## EOF - C:\AdwCleaner[S4].txt - [1236 octets] ##########
und dann: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.7 (07.08.2013:2) OS: Microsoft Windows XP x86 Ran by Dust on 08.07.2013 at 12:43:33,95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\WINDOWS\prefetch\APNSTUB.EXE-07FCD9AD.pf ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.07.2013 at 12:46:21,50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ und dann: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.08.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Dust :: DUST [Administrator] Schutz: Deaktiviert 08.07.2013 12:26:42 MBAM-log-2013-07-08 (12-33-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 325410 Laufzeit: 6 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\WINDOWS\Installer\{AA4EC929-9F4C-F92F-E21B-A65FC2029741}\syshost.exe (Trojan.Agent.RRE) -> Keine Aktion durchgeführt. (Ende) und dann: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Dust (administrator) on 08-07-2013 12:47:14
Running from C:\allewebprojekte
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SpeedAnalysis.com - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
S3 Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-14] (Autodesk)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-07-18] (Macrovision Europe Ltd.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:25 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:52 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-07-08 10:51 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 10:51 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 10:51 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 10:45 - 2013-07-08 11:04 - 00000000 ____D C:\Qoobox
2013-07-08 10:45 - 2013-07-08 11:03 - 00000000 ____D C:\Windows\erdnt
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:45 - 2013-07-08 12:43 - 00000000 ____D C:\JRT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:57 - 2013-07-05 14:58 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:55 - 2013-07-05 14:56 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 12:55 - 2013-07-05 12:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-05 10:31 - 2013-07-05 15:00 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 10:31 - 2013-07-05 15:00 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 10:31 - 2013-07-05 14:59 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 10:30 - 2013-07-05 14:58 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 10:30 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-07-05 10:29 - 2013-07-05 14:55 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:11 - 2013-07-04 22:13 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:53 - 2013-07-04 22:13 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2008-04-14 07:51 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\Windows\System32\dllcache\sl_anet.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msaud32.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\dllcache\l3codeca.acm
2013-07-04 21:52 - 2007-06-26 11:30 - 00572557 ____C C:\Windows\System32\dllcache\rtuner.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00457607 ____C C:\Windows\System32\dllcache\mdlib.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00381425 ____C C:\Windows\System32\dllcache\copycd.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00375519 ____C C:\Windows\System32\dllcache\nuskin.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00354468 ____C C:\Windows\System32\dllcache\wmpaud1.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud7.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud6.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00300969 ____C C:\Windows\System32\dllcache\viz.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud9.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud8.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud3.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086196 ____C C:\Windows\System32\dllcache\wmpaud5.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud4.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud2.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00022060 ____C C:\Windows\System32\dllcache\npds.zip
2013-07-04 21:52 - 2007-06-26 11:30 - 00010457 ____C C:\Windows\System32\dllcache\wmptour.hta
2013-07-04 21:52 - 2007-06-26 11:30 - 00009585 ____C C:\Windows\System32\dllcache\controls.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00008298 ____C C:\Windows\System32\dllcache\contents.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00006878 ____C C:\Windows\System32\dllcache\controls.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00005971 ____C C:\Windows\System32\dllcache\events.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00003187 ____C C:\Windows\System32\dllcache\tour.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00001771 ____C C:\Windows\System32\dllcache\wmptour.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00001148 ____C C:\Windows\System32\dllcache\snd.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00000420 ____C C:\Windows\System32\dllcache\wmploc.js
2013-07-04 21:52 - 2007-06-26 11:29 - 00097117 ____C C:\Windows\System32\dllcache\mplayer2.hlp
2013-07-04 21:52 - 2007-06-26 11:29 - 00001885 ____C C:\Windows\System32\dllcache\mplayer2.cnt
2013-07-04 21:52 - 2007-06-26 11:26 - 00000403 ____C C:\Windows\System32\dllcache\npdrmv2.zip
2013-07-04 21:52 - 2007-02-21 10:45 - 00076456 ____C C:\Windows\System32\dllcache\wmplayer.adm
2013-07-04 21:52 - 2007-02-21 10:36 - 00026141 ____C C:\Windows\System32\dllcache\wmplay.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00660224 ____C C:\Windows\System32\dllcache\wmplayer.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00184109 ____C C:\Windows\System32\dllcache\compact.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00084531 ____C C:\Windows\System32\dllcache\plyr_err.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00066132 ____C C:\Windows\System32\dllcache\revert.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00001476 ____C C:\Windows\System32\dllcache\plylst5.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst6.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst12.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001469 ____C C:\Windows\System32\dllcache\plylst3.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001467 ____C C:\Windows\System32\dllcache\plylst4.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001261 ____C C:\Windows\System32\dllcache\plylst1.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001055 ____C C:\Windows\System32\dllcache\plylst2.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001047 ____C C:\Windows\System32\dllcache\plylst7.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001038 ____C C:\Windows\System32\dllcache\plylst8.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000807 ____C C:\Windows\System32\dllcache\plylst11.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000800 ____C C:\Windows\System32\dllcache\plylst10.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000782 ____C C:\Windows\System32\dllcache\plylst9.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000779 ____C C:\Windows\System32\dllcache\plylst13.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000778 ____C C:\Windows\System32\dllcache\plylst14.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000725 ____C C:\Windows\System32\dllcache\plylst15.wpl
2013-07-04 21:49 - 2008-04-14 07:53 - 00278559 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmv8ds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00258048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmvds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msscds32.ax
2013-07-04 21:49 - 2008-04-14 07:52 - 00303616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmstream.dll
2013-07-04 21:49 - 2008-04-14 07:52 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlimport.exe
2013-07-04 21:49 - 2008-04-14 07:51 - 00847898 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxm.ocx
2013-07-04 21:49 - 2008-04-14 07:51 - 00004126 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxmlc.dll
2013-07-04 21:48 - 2013-07-05 15:00 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00059069 ____A C:\Windows\ocgen.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00046238 ____A C:\Windows\tsoc.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00038302 ____A C:\Windows\comsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00018674 ____A C:\Windows\iis6.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-04 21:48 - 2013-07-05 14:58 - 00014614 ____A C:\Windows\updspapi.log
2013-07-04 21:48 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\004243_.tmp
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-05 22:50 - 00000060 ____A C:\Windows\setupact.log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:41 - 2013-07-08 10:50 - 00040855 ____A C:\Windows\setupapi.log
2013-07-04 21:41 - 2013-07-04 22:08 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-04 13:37 - 2013-07-04 21:56 - 00034059 ____A C:\Windows\KB956744.log
==================== One Month Modified Files and Folders ========
2013-07-08 12:47 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte
2013-07-08 12:43 - 2013-07-05 21:45 - 00000000 ____D C:\JRT
2013-07-08 12:42 - 2010-02-02 12:22 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 12:42 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log
2013-07-08 12:41 - 2010-02-08 13:58 - 01058922 ____A C:\Windows\WindowsUpdate.log
2013-07-08 12:41 - 2010-02-02 12:22 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 12:41 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml
2013-07-08 12:40 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 12:40 - 2009-03-04 13:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-08 12:40 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:39 - 2009-03-04 13:34 - 00032400 ____A C:\Windows\SchedLgU.Txt
2013-07-08 12:27 - 2012-04-09 12:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 12:25 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 11:04 - 2013-07-08 10:45 - 00000000 ____D C:\Qoobox
2013-07-08 11:03 - 2013-07-08 10:45 - 00000000 ____D C:\Windows\erdnt
2013-07-08 11:00 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\System32\Restore
2013-07-08 11:00 - 2008-04-14 14:00 - 00000227 ____A C:\Windows\system.ini
2013-07-08 10:59 - 2009-03-04 14:14 - 46399488 ____A C:\Windows\System32\config\software.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 04980736 ____A C:\Windows\System32\config\system.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:50 - 2013-07-04 21:41 - 00040855 ____A C:\Windows\setupapi.log
2013-07-08 09:52 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-07-06 18:38 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData
2013-07-06 18:34 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 22:50 - 2013-07-04 21:42 - 00000060 ____A C:\Windows\setupact.log
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 21:06 - 2009-03-04 14:14 - 00000211 _RASH C:\boot.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000664 ____A C:\Windows\win.ini
2013-07-05 19:37 - 2009-05-15 19:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:14 - 2009-03-04 13:15 - 01594864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 15:03 - 2009-03-04 13:18 - 01279496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 15:00 - 2013-07-05 10:31 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 15:00 - 2013-07-05 10:31 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00059069 ____A C:\Windows\ocgen.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00046238 ____A C:\Windows\tsoc.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00038302 ____A C:\Windows\comsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00018674 ____A C:\Windows\iis6.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 15:00 - 2009-03-04 14:25 - 00253254 ____A C:\Windows\System32\TZLog.log
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:59 - 2013-07-05 10:31 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:58 - 2013-07-05 14:57 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:58 - 2013-07-05 10:30 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 14:58 - 2013-07-04 21:48 - 00014614 ____A C:\Windows\updspapi.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:57 - 2013-07-05 10:30 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 14:57 - 2009-03-04 14:19 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:56 - 2013-07-05 14:55 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 14:55 - 2013-07-05 10:29 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-05 14:55 - 2009-09-12 12:09 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 12:57 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:13 - 2013-07-04 22:11 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:13 - 2013-07-04 21:53 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 22:13 - 2009-03-04 13:31 - 00316640 ____A C:\Windows\WMSysPr9.prx
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 22:11 - 2012-12-05 13:41 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-07-04 22:09 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\security
2013-07-04 22:08 - 2013-07-04 21:41 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:56 - 2013-07-04 13:37 - 00034059 ____A C:\Windows\KB956744.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\PeerNet
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Help
2013-07-04 21:49 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\System32\usmt
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\srchasst
2013-07-04 21:48 - 2012-12-05 11:51 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-07-04 21:48 - 2009-03-04 13:41 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:16 - 2009-07-28 17:51 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 21:14 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Provisioning
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-03 13:47 - 2013-03-08 15:19 - 00000000 ____D C:\vue
2013-06-13 10:27 - 2012-04-09 12:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 10:27 - 2011-12-28 17:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 21:10 - 2012-12-18 12:10 - 00000000 ____D C:\canopy
2013-06-08 21:00 - 2012-09-12 12:44 - 00000000 ____D C:\dänemark0912
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
|
|
08.07.2013, 17:46
| #21 |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragt Malwarebytes nochmal laufen lassen, Funde löschen lassen, log posten. Und dann wieder ein frisches FRST Log 
__________________ --> Webseite bizcoaching öffnet sich ständig ungefragt |
|
08.07.2013, 19:13
| #22 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, es wurden keine weitere Infizierungen gefunden, hier die beiden Dateien: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.08.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Dust :: DUST [Administrator] Schutz: Aktiviert 08.07.2013 19:49:41 mbam-log-2013-07-08 (19-49-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 325357 Laufzeit: 6 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und dann: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Dust (administrator) on 08-07-2013 20:11:13
Running from C:\allewebprojekte
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SpeedAnalysis.com - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
S3 Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-14] (Autodesk)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-07-18] (Macrovision Europe Ltd.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:25 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:52 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-07-08 10:51 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 10:51 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 10:51 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 10:45 - 2013-07-08 11:04 - 00000000 ____D C:\Qoobox
2013-07-08 10:45 - 2013-07-08 11:03 - 00000000 ____D C:\Windows\erdnt
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:45 - 2013-07-08 12:43 - 00000000 ____D C:\JRT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:57 - 2013-07-05 14:58 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:55 - 2013-07-05 14:56 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 12:55 - 2013-07-05 12:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-05 10:31 - 2013-07-05 15:00 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 10:31 - 2013-07-05 15:00 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 10:31 - 2013-07-05 14:59 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 10:30 - 2013-07-05 14:58 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 10:30 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-07-05 10:29 - 2013-07-05 14:55 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:11 - 2013-07-04 22:13 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:53 - 2013-07-04 22:13 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2008-04-14 07:51 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\Windows\System32\dllcache\sl_anet.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msaud32.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\dllcache\l3codeca.acm
2013-07-04 21:52 - 2007-06-26 11:30 - 00572557 ____C C:\Windows\System32\dllcache\rtuner.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00457607 ____C C:\Windows\System32\dllcache\mdlib.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00381425 ____C C:\Windows\System32\dllcache\copycd.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00375519 ____C C:\Windows\System32\dllcache\nuskin.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00354468 ____C C:\Windows\System32\dllcache\wmpaud1.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud7.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud6.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00300969 ____C C:\Windows\System32\dllcache\viz.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud9.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud8.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud3.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086196 ____C C:\Windows\System32\dllcache\wmpaud5.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud4.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud2.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00022060 ____C C:\Windows\System32\dllcache\npds.zip
2013-07-04 21:52 - 2007-06-26 11:30 - 00010457 ____C C:\Windows\System32\dllcache\wmptour.hta
2013-07-04 21:52 - 2007-06-26 11:30 - 00009585 ____C C:\Windows\System32\dllcache\controls.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00008298 ____C C:\Windows\System32\dllcache\contents.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00006878 ____C C:\Windows\System32\dllcache\controls.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00005971 ____C C:\Windows\System32\dllcache\events.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00003187 ____C C:\Windows\System32\dllcache\tour.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00001771 ____C C:\Windows\System32\dllcache\wmptour.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00001148 ____C C:\Windows\System32\dllcache\snd.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00000420 ____C C:\Windows\System32\dllcache\wmploc.js
2013-07-04 21:52 - 2007-06-26 11:29 - 00097117 ____C C:\Windows\System32\dllcache\mplayer2.hlp
2013-07-04 21:52 - 2007-06-26 11:29 - 00001885 ____C C:\Windows\System32\dllcache\mplayer2.cnt
2013-07-04 21:52 - 2007-06-26 11:26 - 00000403 ____C C:\Windows\System32\dllcache\npdrmv2.zip
2013-07-04 21:52 - 2007-02-21 10:45 - 00076456 ____C C:\Windows\System32\dllcache\wmplayer.adm
2013-07-04 21:52 - 2007-02-21 10:36 - 00026141 ____C C:\Windows\System32\dllcache\wmplay.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00660224 ____C C:\Windows\System32\dllcache\wmplayer.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00184109 ____C C:\Windows\System32\dllcache\compact.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00084531 ____C C:\Windows\System32\dllcache\plyr_err.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00066132 ____C C:\Windows\System32\dllcache\revert.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00001476 ____C C:\Windows\System32\dllcache\plylst5.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst6.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst12.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001469 ____C C:\Windows\System32\dllcache\plylst3.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001467 ____C C:\Windows\System32\dllcache\plylst4.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001261 ____C C:\Windows\System32\dllcache\plylst1.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001055 ____C C:\Windows\System32\dllcache\plylst2.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001047 ____C C:\Windows\System32\dllcache\plylst7.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001038 ____C C:\Windows\System32\dllcache\plylst8.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000807 ____C C:\Windows\System32\dllcache\plylst11.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000800 ____C C:\Windows\System32\dllcache\plylst10.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000782 ____C C:\Windows\System32\dllcache\plylst9.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000779 ____C C:\Windows\System32\dllcache\plylst13.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000778 ____C C:\Windows\System32\dllcache\plylst14.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000725 ____C C:\Windows\System32\dllcache\plylst15.wpl
2013-07-04 21:49 - 2008-04-14 07:53 - 00278559 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmv8ds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00258048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmvds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msscds32.ax
2013-07-04 21:49 - 2008-04-14 07:52 - 00303616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmstream.dll
2013-07-04 21:49 - 2008-04-14 07:52 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlimport.exe
2013-07-04 21:49 - 2008-04-14 07:51 - 00847898 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxm.ocx
2013-07-04 21:49 - 2008-04-14 07:51 - 00004126 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxmlc.dll
2013-07-04 21:48 - 2013-07-05 15:00 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00059069 ____A C:\Windows\ocgen.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00046238 ____A C:\Windows\tsoc.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00038302 ____A C:\Windows\comsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00018674 ____A C:\Windows\iis6.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-04 21:48 - 2013-07-05 14:58 - 00014614 ____A C:\Windows\updspapi.log
2013-07-04 21:48 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\004243_.tmp
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-05 22:50 - 00000060 ____A C:\Windows\setupact.log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:41 - 2013-07-08 10:50 - 00040855 ____A C:\Windows\setupapi.log
2013-07-04 21:41 - 2013-07-04 22:08 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-04 13:37 - 2013-07-04 21:56 - 00034059 ____A C:\Windows\KB956744.log
==================== One Month Modified Files and Folders ========
2013-07-08 20:11 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte
2013-07-08 19:48 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log
2013-07-08 19:47 - 2010-02-08 13:58 - 01062443 ____A C:\Windows\WindowsUpdate.log
2013-07-08 19:46 - 2010-02-02 12:22 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 19:46 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml
2013-07-08 19:46 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 19:46 - 2009-03-04 13:20 - 00000157 ____A C:\Windows\wiadebug.log
2013-07-08 19:46 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-08 14:54 - 2009-03-04 13:34 - 00032400 ____A C:\Windows\SchedLgU.Txt
2013-07-08 14:42 - 2010-02-02 12:22 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 14:27 - 2012-04-09 12:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 12:43 - 2013-07-05 21:45 - 00000000 ____D C:\JRT
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:25 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 11:04 - 2013-07-08 10:45 - 00000000 ____D C:\Qoobox
2013-07-08 11:03 - 2013-07-08 10:45 - 00000000 ____D C:\Windows\erdnt
2013-07-08 11:00 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\System32\Restore
2013-07-08 11:00 - 2008-04-14 14:00 - 00000227 ____A C:\Windows\system.ini
2013-07-08 10:59 - 2009-03-04 14:14 - 46399488 ____A C:\Windows\System32\config\software.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 04980736 ____A C:\Windows\System32\config\system.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:50 - 2013-07-04 21:41 - 00040855 ____A C:\Windows\setupapi.log
2013-07-08 09:52 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-07-06 18:38 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData
2013-07-06 18:34 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 22:50 - 2013-07-04 21:42 - 00000060 ____A C:\Windows\setupact.log
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 21:06 - 2009-03-04 14:14 - 00000211 _RASH C:\boot.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000664 ____A C:\Windows\win.ini
2013-07-05 19:37 - 2009-05-15 19:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:14 - 2009-03-04 13:15 - 01594864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 15:03 - 2009-03-04 13:18 - 01279496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 15:00 - 2013-07-05 10:31 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 15:00 - 2013-07-05 10:31 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00059069 ____A C:\Windows\ocgen.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00046238 ____A C:\Windows\tsoc.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00038302 ____A C:\Windows\comsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00018674 ____A C:\Windows\iis6.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 15:00 - 2009-03-04 14:25 - 00253254 ____A C:\Windows\System32\TZLog.log
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:59 - 2013-07-05 10:31 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:58 - 2013-07-05 14:57 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:58 - 2013-07-05 10:30 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 14:58 - 2013-07-04 21:48 - 00014614 ____A C:\Windows\updspapi.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:57 - 2013-07-05 10:30 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 14:57 - 2009-03-04 14:19 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:56 - 2013-07-05 14:55 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 14:55 - 2013-07-05 10:29 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-05 14:55 - 2009-09-12 12:09 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 12:57 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:13 - 2013-07-04 22:11 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:13 - 2013-07-04 21:53 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 22:13 - 2009-03-04 13:31 - 00316640 ____A C:\Windows\WMSysPr9.prx
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 22:11 - 2012-12-05 13:41 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-07-04 22:09 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\security
2013-07-04 22:08 - 2013-07-04 21:41 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:56 - 2013-07-04 13:37 - 00034059 ____A C:\Windows\KB956744.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\PeerNet
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Help
2013-07-04 21:49 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\System32\usmt
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\srchasst
2013-07-04 21:48 - 2012-12-05 11:51 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-07-04 21:48 - 2009-03-04 13:41 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:16 - 2009-07-28 17:51 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 21:14 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Provisioning
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-03 13:47 - 2013-03-08 15:19 - 00000000 ____D C:\vue
2013-06-13 10:27 - 2012-04-09 12:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 10:27 - 2011-12-28 17:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 21:10 - 2012-12-18 12:10 - 00000000 ____D C:\canopy
2013-06-08 21:00 - 2012-09-12 12:44 - 00000000 ____D C:\dänemark0912
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
|
|
08.07.2013, 21:15
| #23 |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragtESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 11:45
| #24 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, ja das wäre schön wenn es keine Probleme mehr gebe, aber der Esetscan hat neun Bedrohungen gefunden. Hier die drei gewünschten Dateien: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61\54e5cf7d-285d954c Variante von Win32/Injector.AJBT Trojaner C:\Dokumente und Einstellungen\Dust\Eigene Dateien\Downloads\pcfix-v302-de(2).exe Win32/Adware.PCFixCleaner Anwendung C:\Dokumente und Einstellungen\Dust\Eigene Dateien\Downloads\pcfix-v302-de.exe Win32/Adware.PCFixCleaner Anwendung C:\FRST\Quarantine\LyricsMonkey\chrome.crx Win32/Adware.AddLyrics.F Anwendung C:\FRST\Quarantine\LyricsMonkey\FF\chrome\content\main.js Win32/Adware.AddLyrics.F Anwendung C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ed1dc61-0202-0000-fb05-000087371d04\8ed1dc61-0202-0000-fb05-000087371d04.exe.vir Variante von Win32/Kryptik.BFHQ Trojaner C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Dust\49572.exe.vir Variante von Win32/Kryptik.BFHQ Trojaner C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Dust\ceegaix.exe.vir Win32/Pronny.MB Wurm C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Dust\Anwendungsdaten\WMPRWISE.EXE.vir Variante von Win32/Injector.AJBM Trojaner und dann: Results of screen317's Security Check version 0.99.68 Windows XP Service Pack 3 x86 Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` ESET Online Scanner v3 `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 37 Java(TM) 6 Update 3 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log`````````````````````` und dann: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Dust (administrator) on 09-07-2013 12:42:34
Running from C:\allewebprojekte
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SpeedAnalysis.com - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
S3 Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-14] (Autodesk)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-07-18] (Macrovision Europe Ltd.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:25 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:52 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-07-08 10:51 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 10:51 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 10:51 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 10:45 - 2013-07-08 11:04 - 00000000 ____D C:\Qoobox
2013-07-08 10:45 - 2013-07-08 11:03 - 00000000 ____D C:\Windows\erdnt
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:45 - 2013-07-08 12:43 - 00000000 ____D C:\JRT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:57 - 2013-07-05 14:58 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:55 - 2013-07-05 14:56 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 12:55 - 2013-07-05 12:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-05 10:31 - 2013-07-05 15:00 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 10:31 - 2013-07-05 15:00 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 10:31 - 2013-07-05 14:59 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 10:30 - 2013-07-05 14:58 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 10:30 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-07-05 10:29 - 2013-07-05 14:55 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:11 - 2013-07-04 22:13 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:53 - 2013-07-04 22:13 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2008-04-14 07:51 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\Windows\System32\dllcache\sl_anet.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msaud32.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\dllcache\l3codeca.acm
2013-07-04 21:52 - 2007-06-26 11:30 - 00572557 ____C C:\Windows\System32\dllcache\rtuner.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00457607 ____C C:\Windows\System32\dllcache\mdlib.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00381425 ____C C:\Windows\System32\dllcache\copycd.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00375519 ____C C:\Windows\System32\dllcache\nuskin.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00354468 ____C C:\Windows\System32\dllcache\wmpaud1.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud7.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud6.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00300969 ____C C:\Windows\System32\dllcache\viz.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud9.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud8.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud3.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086196 ____C C:\Windows\System32\dllcache\wmpaud5.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud4.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud2.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00022060 ____C C:\Windows\System32\dllcache\npds.zip
2013-07-04 21:52 - 2007-06-26 11:30 - 00010457 ____C C:\Windows\System32\dllcache\wmptour.hta
2013-07-04 21:52 - 2007-06-26 11:30 - 00009585 ____C C:\Windows\System32\dllcache\controls.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00008298 ____C C:\Windows\System32\dllcache\contents.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00006878 ____C C:\Windows\System32\dllcache\controls.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00005971 ____C C:\Windows\System32\dllcache\events.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00003187 ____C C:\Windows\System32\dllcache\tour.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00001771 ____C C:\Windows\System32\dllcache\wmptour.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00001148 ____C C:\Windows\System32\dllcache\snd.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00000420 ____C C:\Windows\System32\dllcache\wmploc.js
2013-07-04 21:52 - 2007-06-26 11:29 - 00097117 ____C C:\Windows\System32\dllcache\mplayer2.hlp
2013-07-04 21:52 - 2007-06-26 11:29 - 00001885 ____C C:\Windows\System32\dllcache\mplayer2.cnt
2013-07-04 21:52 - 2007-06-26 11:26 - 00000403 ____C C:\Windows\System32\dllcache\npdrmv2.zip
2013-07-04 21:52 - 2007-02-21 10:45 - 00076456 ____C C:\Windows\System32\dllcache\wmplayer.adm
2013-07-04 21:52 - 2007-02-21 10:36 - 00026141 ____C C:\Windows\System32\dllcache\wmplay.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00660224 ____C C:\Windows\System32\dllcache\wmplayer.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00184109 ____C C:\Windows\System32\dllcache\compact.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00084531 ____C C:\Windows\System32\dllcache\plyr_err.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00066132 ____C C:\Windows\System32\dllcache\revert.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00001476 ____C C:\Windows\System32\dllcache\plylst5.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst6.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst12.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001469 ____C C:\Windows\System32\dllcache\plylst3.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001467 ____C C:\Windows\System32\dllcache\plylst4.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001261 ____C C:\Windows\System32\dllcache\plylst1.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001055 ____C C:\Windows\System32\dllcache\plylst2.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001047 ____C C:\Windows\System32\dllcache\plylst7.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001038 ____C C:\Windows\System32\dllcache\plylst8.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000807 ____C C:\Windows\System32\dllcache\plylst11.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000800 ____C C:\Windows\System32\dllcache\plylst10.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000782 ____C C:\Windows\System32\dllcache\plylst9.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000779 ____C C:\Windows\System32\dllcache\plylst13.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000778 ____C C:\Windows\System32\dllcache\plylst14.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000725 ____C C:\Windows\System32\dllcache\plylst15.wpl
2013-07-04 21:49 - 2008-04-14 07:53 - 00278559 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmv8ds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00258048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmvds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msscds32.ax
2013-07-04 21:49 - 2008-04-14 07:52 - 00303616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmstream.dll
2013-07-04 21:49 - 2008-04-14 07:52 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlimport.exe
2013-07-04 21:49 - 2008-04-14 07:51 - 00847898 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxm.ocx
2013-07-04 21:49 - 2008-04-14 07:51 - 00004126 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxmlc.dll
2013-07-04 21:48 - 2013-07-05 15:00 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00059069 ____A C:\Windows\ocgen.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00046238 ____A C:\Windows\tsoc.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00038302 ____A C:\Windows\comsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00018674 ____A C:\Windows\iis6.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-04 21:48 - 2013-07-05 14:58 - 00014614 ____A C:\Windows\updspapi.log
2013-07-04 21:48 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\004243_.tmp
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-05 22:50 - 00000060 ____A C:\Windows\setupact.log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:41 - 2013-07-08 10:50 - 00040855 ____A C:\Windows\setupapi.log
2013-07-04 21:41 - 2013-07-04 22:08 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-04 13:37 - 2013-07-04 21:56 - 00034059 ____A C:\Windows\KB956744.log
==================== One Month Modified Files and Folders ========
2013-07-09 12:42 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte
2013-07-09 12:42 - 2010-02-02 12:22 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 12:27 - 2012-04-09 12:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 11:16 - 2010-02-08 13:58 - 01080536 ____A C:\Windows\WindowsUpdate.log
2013-07-09 11:16 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log
2013-07-09 11:14 - 2010-02-02 12:22 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 11:14 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml
2013-07-09 11:14 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 11:14 - 2009-03-04 13:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-09 11:14 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-08 22:53 - 2009-03-04 13:34 - 00032400 ____A C:\Windows\SchedLgU.Txt
2013-07-08 12:43 - 2013-07-05 21:45 - 00000000 ____D C:\JRT
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:34 - 2012-09-12 10:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2736233$
2013-07-08 12:25 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 11:04 - 2013-07-08 10:45 - 00000000 ____D C:\Qoobox
2013-07-08 11:03 - 2013-07-08 10:45 - 00000000 ____D C:\Windows\erdnt
2013-07-08 11:00 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\System32\Restore
2013-07-08 11:00 - 2008-04-14 14:00 - 00000227 ____A C:\Windows\system.ini
2013-07-08 10:59 - 2009-03-04 14:14 - 46399488 ____A C:\Windows\System32\config\software.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 04980736 ____A C:\Windows\System32\config\system.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:50 - 2013-07-04 21:41 - 00040855 ____A C:\Windows\setupapi.log
2013-07-08 09:52 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-07-06 18:38 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData
2013-07-06 18:34 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 22:50 - 2013-07-04 21:42 - 00000060 ____A C:\Windows\setupact.log
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 21:06 - 2009-03-04 14:14 - 00000211 _RASH C:\boot.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000664 ____A C:\Windows\win.ini
2013-07-05 19:37 - 2009-05-15 19:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:14 - 2009-03-04 13:15 - 01594864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 15:03 - 2009-03-04 13:18 - 01279496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 15:00 - 2013-07-05 10:31 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 15:00 - 2013-07-05 10:31 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00059069 ____A C:\Windows\ocgen.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00046238 ____A C:\Windows\tsoc.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00038302 ____A C:\Windows\comsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00018674 ____A C:\Windows\iis6.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 15:00 - 2009-03-04 14:25 - 00253254 ____A C:\Windows\System32\TZLog.log
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:59 - 2013-07-05 10:31 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:58 - 2013-07-05 14:57 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:58 - 2013-07-05 10:30 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 14:58 - 2013-07-04 21:48 - 00014614 ____A C:\Windows\updspapi.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:57 - 2013-07-05 10:30 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 14:57 - 2009-03-04 14:19 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:56 - 2013-07-05 14:55 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 14:55 - 2013-07-05 10:29 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-05 14:55 - 2009-09-12 12:09 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 12:57 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:13 - 2013-07-04 22:11 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:13 - 2013-07-04 21:53 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 22:13 - 2009-03-04 13:31 - 00316640 ____A C:\Windows\WMSysPr9.prx
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 22:11 - 2012-12-05 13:41 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-07-04 22:09 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\security
2013-07-04 22:08 - 2013-07-04 21:41 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:56 - 2013-07-04 13:37 - 00034059 ____A C:\Windows\KB956744.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\PeerNet
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Help
2013-07-04 21:49 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\System32\usmt
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\srchasst
2013-07-04 21:48 - 2012-12-05 11:51 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-07-04 21:48 - 2009-03-04 13:41 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:16 - 2009-07-28 17:51 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 21:14 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Provisioning
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-03 13:47 - 2013-03-08 15:19 - 00000000 ____D C:\vue
2013-06-13 10:27 - 2012-04-09 12:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 10:27 - 2011-12-28 17:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
|
|
09.07.2013, 11:48
| #25 | |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragtZitat:
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Java und Adobe updaten. Hast Du noch Probleme mit dem Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 15:46
| #26 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, vielen Dank, aber das Tool zum entfernen der temporären Dateien läuft jetzt schon über 2,5 STunden lang und nichts passiert, der Desktop ist leer- ist das normal, kann ich noch hoffen das was passiert? Leider ist inzwischen auch mein Emailkonto gehackt und ich komme nur nach jedem dritten neu gesetzten Passwort in meinen Account, welches Adobe soll denn upgedatet werden? Adobe REader habe ich gestern schon gemacht, viele Grüße |
|
09.07.2013, 16:58
| #27 |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragt Beende TFC und poste ein frisches FRST Log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 17:02
| #28 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, Vielen Dank, aber ich kann es wohl nur beenden wenn ich den Notschaltknopf betätige, ist das okey, kommt beim rauffahren der Desktop wieder? Grüße |
|
09.07.2013, 17:10
| #29 |
| /// the machine /// TB-Ausbilder | Webseite bizcoaching öffnet sich ständig ungefragt Normalerweise schon
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 17:18
| #30 |
| | Webseite bizcoaching öffnet sich ständig ungefragt Hallo, prima, wenigstens sind alle Daten und Programme wieder da. Das mein Emailaccount auch nicht mehr funktioniert seit gestern abend ist wohl Zufall, oder? Hier die gewünschte Datei: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Dust (administrator) on 09-07-2013 18:14:09
Running from C:\allewebprojekte
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SpeedAnalysis.com - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
S3 Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-14] (Autodesk)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-07-18] (Macrovision Europe Ltd.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-02] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-21] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_4f5a43dc\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:25 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:52 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-07-08 10:51 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 10:51 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 10:51 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 10:51 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 10:45 - 2013-07-08 11:04 - 00000000 ____D C:\Qoobox
2013-07-08 10:45 - 2013-07-08 11:03 - 00000000 ____D C:\Windows\erdnt
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:45 - 2013-07-08 12:43 - 00000000 ____D C:\JRT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:57 - 2013-07-05 14:58 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:55 - 2013-07-05 14:56 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 12:55 - 2013-07-05 12:57 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-05 10:31 - 2013-07-05 15:00 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 10:31 - 2013-07-05 15:00 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 10:31 - 2013-07-05 14:59 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 10:30 - 2013-07-05 14:58 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 10:30 - 2013-07-05 14:57 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 10:30 - 2013-07-05 14:56 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 10:30 - 2013-02-12 02:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-07-05 10:29 - 2013-07-05 14:55 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:11 - 2013-07-04 22:13 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:53 - 2013-07-04 22:13 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2008-04-14 07:51 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\Windows\System32\dllcache\sl_anet.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msaud32.acm
2013-07-04 21:52 - 2008-04-14 07:50 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\dllcache\l3codeca.acm
2013-07-04 21:52 - 2007-06-26 11:30 - 00572557 ____C C:\Windows\System32\dllcache\rtuner.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00457607 ____C C:\Windows\System32\dllcache\mdlib.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00381425 ____C C:\Windows\System32\dllcache\copycd.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00375519 ____C C:\Windows\System32\dllcache\nuskin.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00354468 ____C C:\Windows\System32\dllcache\wmpaud1.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud7.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00343204 ____C C:\Windows\System32\dllcache\wmpaud6.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00300969 ____C C:\Windows\System32\dllcache\viz.wmv
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud9.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud8.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00172196 ____C C:\Windows\System32\dllcache\wmpaud3.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086196 ____C C:\Windows\System32\dllcache\wmpaud5.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud4.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00086180 ____C C:\Windows\System32\dllcache\wmpaud2.wav
2013-07-04 21:52 - 2007-06-26 11:30 - 00022060 ____C C:\Windows\System32\dllcache\npds.zip
2013-07-04 21:52 - 2007-06-26 11:30 - 00010457 ____C C:\Windows\System32\dllcache\wmptour.hta
2013-07-04 21:52 - 2007-06-26 11:30 - 00009585 ____C C:\Windows\System32\dllcache\controls.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00008298 ____C C:\Windows\System32\dllcache\contents.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00006878 ____C C:\Windows\System32\dllcache\controls.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00005971 ____C C:\Windows\System32\dllcache\events.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00003187 ____C C:\Windows\System32\dllcache\tour.js
2013-07-04 21:52 - 2007-06-26 11:30 - 00001771 ____C C:\Windows\System32\dllcache\wmptour.css
2013-07-04 21:52 - 2007-06-26 11:30 - 00001148 ____C C:\Windows\System32\dllcache\snd.htm
2013-07-04 21:52 - 2007-06-26 11:30 - 00000420 ____C C:\Windows\System32\dllcache\wmploc.js
2013-07-04 21:52 - 2007-06-26 11:29 - 00097117 ____C C:\Windows\System32\dllcache\mplayer2.hlp
2013-07-04 21:52 - 2007-06-26 11:29 - 00001885 ____C C:\Windows\System32\dllcache\mplayer2.cnt
2013-07-04 21:52 - 2007-06-26 11:26 - 00000403 ____C C:\Windows\System32\dllcache\npdrmv2.zip
2013-07-04 21:52 - 2007-02-21 10:45 - 00076456 ____C C:\Windows\System32\dllcache\wmplayer.adm
2013-07-04 21:52 - 2007-02-21 10:36 - 00026141 ____C C:\Windows\System32\dllcache\wmplay.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00660224 ____C C:\Windows\System32\dllcache\wmplayer.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00184109 ____C C:\Windows\System32\dllcache\compact.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00084531 ____C C:\Windows\System32\dllcache\plyr_err.chm
2013-07-04 21:52 - 2007-02-21 10:25 - 00066132 ____C C:\Windows\System32\dllcache\revert.wmz
2013-07-04 21:52 - 2007-02-21 10:25 - 00001476 ____C C:\Windows\System32\dllcache\plylst5.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst6.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001471 ____C C:\Windows\System32\dllcache\plylst12.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001469 ____C C:\Windows\System32\dllcache\plylst3.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001467 ____C C:\Windows\System32\dllcache\plylst4.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001261 ____C C:\Windows\System32\dllcache\plylst1.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001055 ____C C:\Windows\System32\dllcache\plylst2.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001047 ____C C:\Windows\System32\dllcache\plylst7.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00001038 ____C C:\Windows\System32\dllcache\plylst8.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000807 ____C C:\Windows\System32\dllcache\plylst11.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000800 ____C C:\Windows\System32\dllcache\plylst10.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000782 ____C C:\Windows\System32\dllcache\plylst9.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000779 ____C C:\Windows\System32\dllcache\plylst13.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000778 ____C C:\Windows\System32\dllcache\plylst14.wpl
2013-07-04 21:52 - 2007-02-21 10:25 - 00000725 ____C C:\Windows\System32\dllcache\plylst15.wpl
2013-07-04 21:49 - 2008-04-14 07:53 - 00278559 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmv8ds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00258048 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmvds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00221184 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msadds32.ax
2013-07-04 21:49 - 2008-04-14 07:53 - 00069632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msscds32.ax
2013-07-04 21:49 - 2008-04-14 07:52 - 00303616 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wmstream.dll
2013-07-04 21:49 - 2008-04-14 07:52 - 00294912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dlimport.exe
2013-07-04 21:49 - 2008-04-14 07:51 - 00847898 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxm.ocx
2013-07-04 21:49 - 2008-04-14 07:51 - 00004126 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msdxmlc.dll
2013-07-04 21:48 - 2013-07-05 15:00 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00059069 ____A C:\Windows\ocgen.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00046238 ____A C:\Windows\tsoc.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00038302 ____A C:\Windows\comsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00018674 ____A C:\Windows\iis6.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.log
2013-07-04 21:48 - 2013-07-05 15:00 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-04 21:48 - 2013-07-05 14:58 - 00014614 ____A C:\Windows\updspapi.log
2013-07-04 21:48 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\004243_.tmp
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-05 22:50 - 00000060 ____A C:\Windows\setupact.log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:41 - 2013-07-08 10:50 - 00040855 ____A C:\Windows\setupapi.log
2013-07-04 21:41 - 2013-07-04 22:08 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-04 13:37 - 2013-07-04 21:56 - 00034059 ____A C:\Windows\KB956744.log
==================== One Month Modified Files and Folders ========
2013-07-09 18:14 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte
2013-07-09 18:13 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log
2013-07-09 18:12 - 2010-02-08 13:58 - 01083310 ____A C:\Windows\WindowsUpdate.log
2013-07-09 18:12 - 2010-02-02 12:22 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 18:12 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml
2013-07-09 18:12 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 18:12 - 2009-03-04 13:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-09 18:12 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-07-09 12:42 - 2010-02-02 12:22 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 12:27 - 2012-04-09 12:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 22:53 - 2009-03-04 13:34 - 00032400 ____A C:\Windows\SchedLgU.Txt
2013-07-08 12:43 - 2013-07-05 21:45 - 00000000 ____D C:\JRT
2013-07-08 12:39 - 2013-07-08 12:39 - 00001305 ____A C:\AdwCleaner[S4].txt
2013-07-08 12:34 - 2012-09-12 10:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2736233$
2013-07-08 12:25 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme
2013-07-08 11:04 - 2013-07-08 11:04 - 00017690 ____A C:\ComboFix.txt
2013-07-08 11:04 - 2013-07-08 10:45 - 00000000 ____D C:\Qoobox
2013-07-08 11:03 - 2013-07-08 10:45 - 00000000 ____D C:\Windows\erdnt
2013-07-08 11:00 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\System32\Restore
2013-07-08 11:00 - 2008-04-14 14:00 - 00000227 ____A C:\Windows\system.ini
2013-07-08 10:59 - 2009-03-04 14:14 - 46399488 ____A C:\Windows\System32\config\software.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 04980736 ____A C:\Windows\System32\config\system.bak
2013-07-08 10:59 - 2009-03-04 14:14 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-08 10:59 - 2009-03-04 13:15 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-07-08 10:58 - 2013-07-08 10:58 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-08 10:58 - 2013-07-08 10:58 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2013-07-08 10:52 - 2013-07-08 10:52 - 00000000 RASHD C:\cmdcons
2013-07-08 10:50 - 2013-07-04 21:41 - 00040855 ____A C:\Windows\setupapi.log
2013-07-08 09:52 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-07-06 18:38 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData
2013-07-06 18:34 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration
2013-07-06 12:21 - 2013-07-06 12:21 - 00001478 ____A C:\AdwCleaner[S3].txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00000364 ____A C:\AdwCleaner[S2].txt
2013-07-06 11:19 - 2013-07-06 11:19 - 00000000 ____D C:\FRST
2013-07-05 22:50 - 2013-07-04 21:42 - 00000060 ____A C:\Windows\setupact.log
2013-07-05 21:46 - 2013-07-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 21:16 - 2013-07-05 21:16 - 00029922 ____A C:\AdwCleaner[S1].txt
2013-07-05 21:15 - 2013-07-05 21:15 - 00030024 ____A C:\AdwCleaner[R1].txt
2013-07-05 21:06 - 2009-03-04 14:14 - 00000211 _RASH C:\boot.ini
2013-07-05 21:06 - 2008-04-14 14:00 - 00000664 ____A C:\Windows\win.ini
2013-07-05 19:37 - 2009-05-15 19:54 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-05 18:14 - 2009-03-04 13:15 - 01594864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-05 15:03 - 2009-03-04 13:18 - 01279496 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 15:00 - 2013-07-05 15:00 - 00012506 ____A C:\Windows\KB2779562.log
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2013-07-05 15:00 - 2013-07-05 15:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2013-07-05 15:00 - 2013-07-05 10:31 - 00021367 ____A C:\Windows\KB2758857.log
2013-07-05 15:00 - 2013-07-05 10:31 - 00021004 ____A C:\Windows\KB2802968.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00123654 ____A C:\Windows\FaxSetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00059069 ____A C:\Windows\ocgen.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00046238 ____A C:\Windows\tsoc.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00038302 ____A C:\Windows\comsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00022951 ____A C:\Windows\ntdtcsetup.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00018674 ____A C:\Windows\iis6.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006317 ____A C:\Windows\ocmsn.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00006024 ____A C:\Windows\msgsocm.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.log
2013-07-05 15:00 - 2013-07-04 21:48 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 15:00 - 2009-03-04 14:25 - 00253254 ____A C:\Windows\System32\TZLog.log
2013-07-05 14:59 - 2013-07-05 14:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-07-05 14:59 - 2013-07-05 10:31 - 00020697 ____A C:\Windows\KB2780091.log
2013-07-05 14:58 - 2013-07-05 14:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2753842-v2$
2013-07-05 14:58 - 2013-07-05 14:57 - 00015709 ____A C:\Windows\KB2753842-v2.log
2013-07-05 14:58 - 2013-07-05 10:30 - 00019923 ____A C:\Windows\KB2719985.log
2013-07-05 14:58 - 2013-07-04 21:48 - 00014614 ____A C:\Windows\updspapi.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00015666 ____A C:\Windows\KB2807986.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00014415 ____A C:\Windows\KB2820197.log
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2013-07-05 14:57 - 2013-07-05 14:57 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2013-07-05 14:57 - 2013-07-05 10:30 - 00020327 ____A C:\Windows\KB2820917.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019512 ____A C:\Windows\KB2757638.log
2013-07-05 14:57 - 2013-07-05 10:30 - 00019488 ____A C:\Windows\KB2839229.log
2013-07-05 14:57 - 2009-03-04 14:19 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-07-05 14:56 - 2013-07-05 14:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-07-05 14:56 - 2013-07-05 14:55 - 00014196 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019619 ____A C:\Windows\KB2813345.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019495 ____A C:\Windows\KB2749655.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00019070 ____A C:\Windows\KB2661254-v2.log
2013-07-05 14:56 - 2013-07-05 10:30 - 00018650 ____A C:\Windows\KB2727528.log
2013-07-05 14:55 - 2013-07-05 14:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-07-05 14:55 - 2013-07-05 10:29 - 00013004 ____A C:\Windows\KB2829361.log
2013-07-05 14:55 - 2009-09-12 12:09 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 12:57 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:49 - 2013-07-04 22:49 - 00006220 ____A C:\Windows\KB946648.log
2013-07-04 22:49 - 2013-07-04 22:49 - 00006020 ____A C:\Windows\KB973687.log
2013-07-04 22:13 - 2013-07-04 22:13 - 00000236 ____A C:\Windows\DtcInstall.log
2013-07-04 22:13 - 2013-07-04 22:11 - 00002162 ____A C:\Windows\wmsetup.log
2013-07-04 22:13 - 2013-07-04 21:53 - 00069530 ____A C:\Windows\spupdsvc.log
2013-07-04 22:13 - 2009-03-04 13:31 - 00316640 ____A C:\Windows\WMSysPr9.prx
2013-07-04 22:11 - 2013-07-04 22:11 - 00000187 ____A C:\Windows\spupdsvc.log.1.log
2013-07-04 22:11 - 2012-12-05 13:41 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-07-04 22:09 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\security
2013-07-04 22:08 - 2013-07-04 21:41 - 00331707 ____A C:\Windows\svcpack.log
2013-07-04 21:56 - 2013-07-04 21:56 - 00000000 __HDC C:\Windows\$NtUninstallKB956744$
2013-07-04 21:56 - 2013-07-04 13:37 - 00034059 ____A C:\Windows\KB956744.log
2013-07-04 21:53 - 2013-07-04 21:53 - 00000173 ____A C:\Windows\cmsetacl.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000311 ____A C:\Windows\sessmgr.setup.log
2013-07-04 21:52 - 2013-07-04 21:52 - 00000000 ____D C:\Windows\System32\bits
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\PeerNet
2013-07-04 21:52 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Help
2013-07-04 21:49 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\System32\usmt
2013-07-04 21:49 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\srchasst
2013-07-04 21:48 - 2012-12-05 11:51 - 00000000 __HDC C:\Windows\$NtServicePackUninstall$
2013-07-04 21:48 - 2009-03-04 13:41 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-04 21:47 - 2013-07-04 21:47 - 00000581 ____A C:\Windows\medctroc.Log
2013-07-04 21:42 - 2013-07-04 21:42 - 00000000 ____A C:\Windows\setuperr.log
2013-07-04 21:16 - 2009-07-28 17:51 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 21:14 - 2009-03-04 14:09 - 00000000 ____D C:\Windows\Provisioning
2013-07-04 20:43 - 2013-07-04 20:43 - 00000000 ____D C:\Windows\pss
2013-07-04 13:38 - 2013-07-04 13:38 - 00003221 ____A C:\Windows\KB935448.log
2013-07-03 13:47 - 2013-03-08 15:19 - 00000000 ____D C:\vue
2013-06-13 10:27 - 2012-04-09 12:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 10:27 - 2011-12-28 17:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
|
|
| Themen zu Webseite bizcoaching öffnet sich ständig ungefragt |
| bizcoaching, download, edition, gefährliche, gelöscht, gen, google, home, installiert, klicke, laufen, links, mögliche, passwörter, problem, runter, scan, scanner, ungefragt, webseite, webseiten, windows, windows xp, xp home, öffnet, öffnet sich ständig |
Linear-Darstellung
