| |
| |||||||
Log-Analyse und Auswertung: Google Redirect VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.07.2013, 21:16
| #1 |
| |  Google Redirect Virus Hallo, ich hoffe sehr das ihr mir helfen könnt. Seit ein paar Wochen werde ich wenn ich über Google etwas suche auf merkwürdige Seiten u.a. ihavenet oder sureonlink weitergeleitet. Allerdings nur bei Firefox. Daraufhin habe ich diesen resetet und einmal Neuinstalliert und für wenige Stunden war der Virus weg, jetzt ist er aber wieder da. Avira genauso wie einige Anti-Malware Programme die ich runtergeladen habe konnten nichts finden. Da ich sowas noch nie gemacht habe hoffe ich das es geklappt hat. Bei Schritt 2 wurde nur die OTL.txt erstellt, die andere Extra.txt nicht. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:49 on 21/07/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 21.07.2013 21:50:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,87% Memory free 15,79 Gb Paging File | 13,57 Gb Available in Paging File | 85,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 30,66 Gb Free Space | 25,73% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 796,95 Gb Free Space | 85,56% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.21 21:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.01.26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.07.10 21:16:00 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ff75dafe0bda546dc6c71d2cb2d5257\IAStorUtil.ni.dll MOD - [2013.07.10 21:16:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll MOD - [2013.07.10 20:19:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.10 20:19:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.10 20:19:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.10 20:19:29 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.10 20:19:26 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.10 20:19:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.10 20:19:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.10 20:19:20 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.06.05 00:02:24 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.07.20 14:29:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.03 12:35:27 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.06.05 01:09:44 | 011,833,856 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.06.04 23:35:04 | 000,608,768 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.04.24 18:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.02.08 15:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2012.10.10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.07 14:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.01.26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 15 D6 97 16 7C CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8081 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.29 20:55:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.29 20:55:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.03 17:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.07.07 11:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\esw1vysc.default-1373189917704\extensions [2013.07.07 11:41:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\esw1vysc.default-1373189917704\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.03 12:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.05 11:47:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [icq] C:\Users\***\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [Idwkiggzfw] C:\Users\***\AppData\Roaming\eapp3hstm.dll () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.04 20:53:20 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.01.21 05:12:58 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{071c340f-f5b5-11e1-9c55-bc5ff447db70}\Shell - "" = AutoRun O33 - MountPoints2\{071c340f-f5b5-11e1-9c55-bc5ff447db70}\Shell\AutoRun\command - "" = F:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.18 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atari [2013.07.11 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames [2013.07.07 11:30:33 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.05 18:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.07.05 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.07.05 18:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [2013.07.05 18:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.07.04 21:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.07.04 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.07.04 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.04 20:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.07.03 12:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.29 20:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.06.28 15:18:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.06.26 15:52:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos VPN [2013.06.26 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos [2013.06.26 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OkayFreedom [2013.06.26 15:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos [2013.06.26 15:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.06.26 15:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan [2013.06.25 13:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.06.25 13:45:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy [2013.06.25 13:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.21 21:26:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.21 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.21 10:59:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 10:59:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 10:56:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.21 10:56:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.21 10:56:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.21 10:56:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.21 10:56:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.21 10:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.21 10:52:02 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys [2013.07.10 20:18:56 | 000,294,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.07 20:46:04 | 000,558,080 | RHS- | M] () -- C:\Users\***\AppData\Roaming\eapp3hstm.dll [2013.07.07 11:30:33 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.05 11:28:46 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini [2013.07.04 20:53:20 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.26 12:40:15 | 000,005,715 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.21 21:26:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.07 20:46:04 | 000,558,080 | RHS- | C] () -- C:\Users\***\AppData\Roaming\eapp3hstm.dll [2013.07.05 11:47:41 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.05 11:28:45 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini [2013.07.04 20:53:20 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.26 12:40:15 | 000,005,715 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.04.16 16:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.04.16 16:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.10.25 13:06:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.08.03 19:12:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.03 19:11:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.03 19:11:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.08.03 19:11:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.08.03 17:02:31 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.08.03 17:02:31 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.18 17:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2013.07.18 17:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.11.04 18:33:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon [2013.05.27 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2013.01.17 18:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Profile [2012.10.25 13:07:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Tools.de [2013.05.27 23:00:29 | 000,000,000 | ---D | M] -- C:\Users\*** [2012.08.06 19:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.08.03 22:37:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.01 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola [2013.06.25 13:45:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.08.13 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.06 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.06.26 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos [2013.06.26 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos VPN [2012.08.03 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.02.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2013.01.21 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2012.11.03 13:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Weaverslave ========== Purity Check ========== < End of report > OTL logfile created on: 21.07.2013 21:54:54 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,83% Memory free 15,79 Gb Paging File | 13,57 Gb Available in Paging File | 85,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 30,66 Gb Free Space | 25,73% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 796,95 Gb Free Space | 85,56% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.21 21:54:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.01.26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.07.10 21:16:00 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ff75dafe0bda546dc6c71d2cb2d5257\IAStorUtil.ni.dll MOD - [2013.07.10 21:16:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll MOD - [2013.07.10 20:19:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.10 20:19:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.10 20:19:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.10 20:19:29 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.10 20:19:26 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.10 20:19:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.10 20:19:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.10 20:19:20 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.06.05 00:02:24 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.07.20 14:29:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.03 12:35:27 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.06.05 01:09:44 | 011,833,856 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.06.04 23:35:04 | 000,608,768 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.04.24 18:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.02.08 15:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2012.10.10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.07 14:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.01.26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2011.03.31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2009.01.29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2007.11.02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 15 D6 97 16 7C CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8081 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.29 20:55:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.29 20:55:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.03 17:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.07.07 11:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\esw1vysc.default-1373189917704\extensions [2013.07.07 11:41:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\esw1vysc.default-1373189917704\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.03 12:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.05 11:47:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [icq] C:\Users\***\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [Idwkiggzfw] C:\Users\***\AppData\Roaming\eapp3hstm.dll () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.04 20:53:20 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.01.21 05:12:58 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{071c340f-f5b5-11e1-9c55-bc5ff447db70}\Shell - "" = AutoRun O33 - MountPoints2\{071c340f-f5b5-11e1-9c55-bc5ff447db70}\Shell\AutoRun\command - "" = F:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.18 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atari [2013.07.11 13:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames [2013.07.07 11:30:33 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.05 18:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.07.05 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.07.05 18:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [2013.07.05 18:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.07.04 21:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.07.04 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.07.04 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.04 20:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.07.03 12:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.29 20:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.06.28 15:18:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.06.26 15:52:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos VPN [2013.06.26 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos [2013.06.26 15:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OkayFreedom [2013.06.26 15:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos [2013.06.26 15:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.06.26 15:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan [2013.06.25 13:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.06.25 13:45:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy [2013.06.25 13:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.21 21:26:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.21 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.21 10:59:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 10:59:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 10:56:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.21 10:56:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.21 10:56:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.21 10:56:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.21 10:56:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.21 10:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.21 10:52:02 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys [2013.07.10 20:18:56 | 000,294,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.07 20:46:04 | 000,558,080 | RHS- | M] () -- C:\Users\***\AppData\Roaming\eapp3hstm.dll [2013.07.07 11:30:33 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.05 11:28:46 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini [2013.07.04 20:53:20 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.26 12:40:15 | 000,005,715 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.21 21:26:49 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.07 20:46:04 | 000,558,080 | RHS- | C] () -- C:\Users\***\AppData\Roaming\eapp3hstm.dll [2013.07.05 11:47:41 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.05 11:28:45 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini [2013.07.04 20:53:20 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.26 12:40:15 | 000,005,715 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.04.16 16:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.04.16 16:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.10.25 13:06:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.08.03 19:12:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.03 19:11:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.03 19:11:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.08.03 19:11:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.08.03 17:02:31 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.08.03 17:02:31 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.18 17:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2013.07.18 17:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.11.04 18:33:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon [2013.05.27 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2013.01.17 18:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Profile [2012.10.25 13:07:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Tools.de [2013.05.27 23:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQM [2012.08.06 19:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.08.03 22:37:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2013.04.01 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola [2013.06.25 13:45:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.08.13 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\OpenOffice.org [2013.02.06 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.06.26 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos [2013.06.26 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos VPN [2012.08.03 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.02.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2013.01.21 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2012.11.03 13:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Weaverslave ========== Purity Check ========== < End of report > Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-21 22:08:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kwdiipoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033fd000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606 fffff800033fd02e 17 bytes [44, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077051465 2 bytes [05, 77]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770514bb 2 bytes [05, 77]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077051465 2 bytes [05, 77]
.text C:\Windows\SysWOW64\rundll32.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770514bb 2 bytes [05, 77]
.text ... * 2
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077051465 2 bytes [05, 77]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770514bb 2 bytes [05, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\rundll32.exe [2740:2828] 00000000001ff100
Thread C:\Windows\SysWOW64\rundll32.exe [2740:2832] 00000000001b3a80
Thread C:\Windows\SysWOW64\rundll32.exe [2740:3076] 00000000001b3a10
Thread C:\Windows\SysWOW64\rundll32.exe [2740:5900] 00000000003296b7
Thread C:\Windows\SysWOW64\rundll32.exe [2740:5904] 0000000000326874
Thread C:\Windows\SysWOW64\rundll32.exe [2740:5908] 0000000000326dbc
Thread C:\Windows\SysWOW64\rundll32.exe [2740:5912] 00000000002238ea
---- EOF - GMER 2.1 ----
|
|
21.07.2013, 21:21
| #2 |
| /// the machine /// TB-Ausbilder    | Google Redirect Virus hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
22.07.2013, 09:53
| #3 |
| | Google Redirect VirusFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by *** (administrator) on 22-07-2013 10:47:58
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [icq] - C:\Users\***\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
HKCU\...\Run: [Idwkiggzfw] - rundll32 "C:\Users\***\AppData\Roaming\eapp3hstm.dll",Qqxsskramz [x]
MountPoints2: {071c340f-f5b5-11e1-9c55-bc5ff447db70} - F:\setup.exe -a
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [676608 2013-06-04] (Advanced Micro Devices, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8081
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 10:47 - 2013-07-22 10:47 - 00023741 _____ C:\Users\***\Downloads\FRST.txt
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-22 10:43 - 2013-07-22 10:43 - 00001124 _____ C:\Windows\PFRO.log
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:26 - 2013-07-21 21:49 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-11 23:07 - 2013-07-22 10:43 - 00001120 _____ C:\Windows\setupact.log
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 19:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 11:01 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:01 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:01 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:01 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:00 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 20:46 - 2013-07-07 20:46 - 00558080 __RSH C:\Users\***\AppData\Roaming\eapp3hstm.dll
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-05 11:28 - 2013-07-05 11:28 - 00000085 _____ C:\Windows\wininit.ini
2013-07-04 21:08 - 2013-07-04 21:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 21:07 - 2013-07-05 11:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-07-04 20:52 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-03 12:35 - 2013-07-05 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-29 20:55 - 2013-06-30 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-26 16:29 - 2012-01-18 12:06 - 00152576 _____ (Fighting For Fun) C:\Users\***\Downloads\EA_Keygen.exe
2013-06-26 15:52 - 2013-06-26 15:57 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:52 - 2013-06-26 15:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:51 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 15:40 - 2013-06-26 15:48 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-26 15:37 - 2013-06-30 12:58 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-25 13:45 - 2013-07-18 17:26 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-06-25 13:45 - 2013-06-25 13:45 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy
2013-06-25 13:44 - 2013-06-25 13:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== One Month Modified Files and Folders =======
2013-07-22 10:47 - 2013-07-22 10:47 - 00023741 _____ C:\Users\***\Downloads\FRST.txt
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-22 10:46 - 2013-01-17 19:43 - 01726762 _____ C:\Windows\WindowsUpdate.log
2013-07-22 10:43 - 2013-07-22 10:43 - 00001124 _____ C:\Windows\PFRO.log
2013-07-22 10:43 - 2013-07-11 23:07 - 00001120 _____ C:\Windows\setupact.log
2013-07-22 10:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 00:12 - 2012-11-23 16:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:49 - 2013-07-21 21:26 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:26 - 2012-08-03 16:59 - 00000000 ____D C:\Users\***
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-21 10:59 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 10:59 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 10:56 - 2009-07-14 19:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-07-21 10:56 - 2009-07-14 19:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-07-21 10:56 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 23:56 - 2012-08-04 13:43 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-20 14:29 - 2012-11-23 16:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 14:29 - 2012-08-08 11:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 14:29 - 2012-08-08 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 14:28 - 2012-08-27 20:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-18 17:29 - 2013-06-19 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-18 17:28 - 2012-08-03 17:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 17:26 - 2013-06-25 13:45 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-07-17 23:00 - 2012-11-23 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-17 23:00 - 2012-08-04 13:43 - 00000000 ____D C:\ProgramData\Skype
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 14:06 - 2012-08-03 17:55 - 00000000 ____D C:\Windows\Panther
2013-07-11 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 20:18 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:18 - 2009-07-14 06:45 - 00294112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:16 - 2012-08-03 17:16 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 20:46 - 2013-07-07 20:46 - 00558080 __RSH C:\Users\***\AppData\Roaming\eapp3hstm.dll
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-06 12:24 - 2012-08-03 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:32 - 2012-08-03 19:12 - 00000000 ____D C:\ProgramData\AMD
2013-07-05 18:31 - 2012-08-03 19:10 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 18:29 - 2012-08-16 16:39 - 00000000 ____D C:\AMD
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-05 11:47 - 2013-07-03 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 11:32 - 2013-07-04 21:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-05 11:28 - 2013-07-05 11:28 - 00000085 _____ C:\Windows\wininit.ini
2013-07-04 21:12 - 2013-07-04 21:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 21:08 - 2013-07-04 20:52 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-06-30 13:29 - 2013-06-29 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-30 12:58 - 2013-06-26 15:37 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-28 15:16 - 2013-06-19 20:24 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-06-26 15:57 - 2013-06-26 15:52 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:55 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:52 - 2013-06-26 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 15:48 - 2013-06-26 15:40 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-26 12:40 - 2013-06-17 13:45 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-06-25 13:47 - 2013-06-25 13:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-25 13:45 - 2013-06-25 13:45 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenCandy
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-14 16:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by ***at 2013-07-22 10:47:01
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AMD Accelerated Video Transcoding (Version: 13.10.100.30604)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80604.1838)
AMD Wireless Display v3.0 (Version: 1.0.0.12)
ANNO 1404 - Königsedition (x32 Version: 3.10.0000)
ANNO 2070 (x32 Version: 1.0.0.0)
Application Profiles (x32 Version: 2.0.4854.34117)
Avira Free Antivirus (x32 Version: 12.1.9.2400)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590)
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590)
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590)
CCC Help Czech (x32 Version: 2013.0604.1837.31590)
CCC Help Danish (x32 Version: 2013.0604.1837.31590)
CCC Help Dutch (x32 Version: 2013.0604.1837.31590)
CCC Help English (x32 Version: 2013.0604.1837.31590)
CCC Help Finnish (x32 Version: 2013.0604.1837.31590)
CCC Help French (x32 Version: 2013.0604.1837.31590)
CCC Help German (x32 Version: 2013.0604.1837.31590)
CCC Help Greek (x32 Version: 2013.0604.1837.31590)
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590)
CCC Help Italian (x32 Version: 2013.0604.1837.31590)
CCC Help Japanese (x32 Version: 2013.0604.1837.31590)
CCC Help Korean (x32 Version: 2013.0604.1837.31590)
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590)
CCC Help Polish (x32 Version: 2013.0604.1837.31590)
CCC Help Portuguese (x32 Version: 2013.0604.1837.31590)
CCC Help Russian (x32 Version: 2013.0604.1837.31590)
CCC Help Spanish (x32 Version: 2013.0604.1837.31590)
CCC Help Swedish (x32 Version: 2013.0604.1837.31590)
CCC Help Thai (x32 Version: 2013.0604.1837.31590)
CCC Help Turkish (x32 Version: 2013.0604.1837.31590)
ccc-utility64 (Version: 2013.0604.1838.31590)
CPUID HWMonitor 1.20
Die Sims 2 (x32)
Die Sims 2: Family Fun - Accessoires (x32)
Die Sims 2: Nightlife (x32)
Die Sims 2: Open For Business (x32)
Die Sims 2: Wilde Campus-Jahre (x32)
Die Sims™ 2 Haustiere (x32)
Die Sims™ 2 Vier Jahreszeiten (x32)
Die Sims™ 2: Glamour-Accessoires (x32)
eaner (Version: 3.21)
eReg (x32 Version: 1.20.138.34)
Fried Cookie Updater (x32 Version: 1.0.0.0)
GIMP 2.8.4 (Version: 2.8.4)
Guild Wars 2 (x32)
ICQ 8.0 (build 6017) (HKCU Version: 8.0.6017.0)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
League of Legends (x32 Version: 1.3)
Logitech Gaming Software (Version: 8.30.86)
Logitech Gaming Software 8.30 (Version: 8.30.86)
Logitech SetPoint 6.32 (Version: 6.32.20)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
MotoHelper 2.1.32 Driver 5.4.0 (x32 Version: 2.1.32)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
Pando Media Booster (x32 Version: 2.6.0.8)
PhotoScape (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)
Skype™ 6.6 (x32 Version: 6.6.106)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Uplay (x32 Version: 2.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
==================== Restore Points =========================
11-07-2013 12:04:50 Entfernt RollerCoaster Tycoon 2
16-07-2013 10:16:53 Windows Update
18-07-2013 15:28:37 Installed RollerCoaster Tycoon® 3
18-07-2013 17:08:00 Removed RollerCoaster Tycoon® 3
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {091A1959-D686-4A37-88B3-22A0BAAF7139} - System32\Tasks\Fried Cookie Update => C:\Program Files (x86)\Fried Cookie\Updater\Updater.exe [2012-06-03] (FriedCookie)
Task: {65D9BA93-9087-4EB9-8183-F966077383C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated)
Task: {8532709E-EBF4-44BB-BDA8-21B980FDD527} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {888ACB25-3B21-4893-90C1-4C4485F26B4F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A86D1103-BC8E-46AB-908E-6CC4952425E3} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {B3D139B9-0E52-4EED-8334-D0B5142E6B8F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {B68B2B78-58B7-4E89-905C-5B746533D699} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {C3D31419-9AA9-4E20-ACF3-263B0E86ECB5} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2013 05:35:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RCT3.exe, Version: 3.0.12.38, Zeitstempel: 0x416682b3
Name des fehlerhaften Moduls: RCT3.exe, Version: 3.0.12.38, Zeitstempel: 0x416682b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0040e25d
ID des fehlerhaften Prozesses: 0x1b4c
Startzeit der fehlerhaften Anwendung: 0xRCT3.exe0
Pfad der fehlerhaften Anwendung: RCT3.exe1
Pfad des fehlerhaften Moduls: RCT3.exe2
Berichtskennung: RCT3.exe3
Error: (07/18/2013 05:33:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RCT3.exe, Version: 3.0.12.38, Zeitstempel: 0x416682b3
Name des fehlerhaften Moduls: RCT3.exe, Version: 3.0.12.38, Zeitstempel: 0x416682b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0040e25d
ID des fehlerhaften Prozesses: 0x1a44
Startzeit der fehlerhaften Anwendung: 0xRCT3.exe0
Pfad der fehlerhaften Anwendung: RCT3.exe1
Pfad des fehlerhaften Moduls: RCT3.exe2
Berichtskennung: RCT3.exe3
Error: (07/05/2013 11:22:08 AM) (Source: Application Hang) (User: )
Description: Programm SDFiles.exe, Version 2.1.18.135 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 430
Startzeit: 01ce79610f94ec3b
Endzeit: 2
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
Berichts-ID: 5b2fdcae-e554-11e2-a46c-bc5ff447db70
Error: (06/25/2013 09:47:09 PM) (Source: Application Hang) (User: )
Description: Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a94
Startzeit: 01ce71dcbd5ec0d1
Endzeit: 2
Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID: 04048bde-ddd0-11e2-846a-bc5ff447db70
Error: (06/14/2013 00:00:04 AM) (Source: Application Hang) (User: )
Description: Programm Gw2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e00
Startzeit: 01ce686da3a62ba0
Endzeit: 153
Anwendungspfad: C:\Program Files (x86)\Guild Wars 2\Gw2.exe
Berichts-ID: 985853f6-d474-11e2-b57d-bc5ff447db70
Error: (06/08/2013 11:25:04 PM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.7.0.328 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1930
Startzeit: 01ce648e834b21ed
Endzeit: 16
Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League of Legends.exe
Berichts-ID:
Error: (05/27/2013 11:05:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel: 0x4626b2f4
Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fa119ef
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6b84cfde
ID des fehlerhaften Prozesses: 0x152c
Startzeit der fehlerhaften Anwendung: 0xICQ7.exe0
Pfad der fehlerhaften Anwendung: ICQ7.exe1
Pfad des fehlerhaften Moduls: ICQ7.exe2
Berichtskennung: ICQ7.exe3
Error: (05/04/2013 03:24:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee
Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b10e8
ID des fehlerhaften Prozesses: 0xa6c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (04/26/2013 11:59:25 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU the creation of a class has failed
Error: (04/16/2013 07:50:32 PM) (Source: MsiInstaller) (User: ***-PC)
Description: Product: Motorola Mobile Drivers Installation 5.2.0 -- Unable to install because a newer version of this product is already installed.
System errors:
=============
Error: (07/11/2013 11:08:15 PM) (Source: NetBT) (User: )
Description: Der Name "***-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.104 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (07/11/2013 11:07:58 PM) (Source: NetBT) (User: )
Description: Der Name "***-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.104 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (07/11/2013 11:07:58 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (07/11/2013 11:07:57 PM) (Source: NetBT) (User: )
Description: Der Name "***-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100
registriert werden. Der Computer mit IP-Adresse 192.168.2.104 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (07/07/2013 09:50:01 PM) (Source: DCOM) (User: ***-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}***-PC***S-1-5-21-544980805-664143180-42844824-1000LocalHost (unter Verwendung von LRPC)
Error: (07/06/2013 00:28:59 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/06/2013 00:25:59 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/05/2013 11:56:26 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/05/2013 11:44:25 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/05/2013 10:47:20 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B094E8BA-6533-4E0C-B78A-2280D1FC20D6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (07/18/2013 05:35:15 PM) (Source: Application Error)(User: )
Description: RCT3.exe3.0.12.38416682b3RCT3.exe3.0.12.38416682b3c00000050040e25d1b4c01ce83cc663cfc67C:\Users\***\Downloads\RCT3.exeC:\Users\***\Downloads\RCT3.exea443c632-efbf-11e2-8c16-bc5ff447db70
Error: (07/18/2013 05:33:57 PM) (Source: Application Error)(User: )
Description: RCT3.exe3.0.12.38416682b3RCT3.exe3.0.12.38416682b3c00000050040e25d1a4401ce83cc35b7c617C:\Users\***\Downloads\RCT3.exeC:\Users\***\Downloads\RCT3.exe75ae8045-efbf-11e2-8c16-bc5ff447db70
Error: (07/05/2013 11:22:08 AM) (Source: Application Hang)(User: )
Description: SDFiles.exe2.1.18.13543001ce79610f94ec3b2C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe5b2fdcae-e554-11e2-a46c-bc5ff447db70
Error: (06/25/2013 09:47:09 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.78.87.581a9401ce71dcbd5ec0d12C:\Program Files (x86)\Steam\Steam.exe04048bde-ddd0-11e2-846a-bc5ff447db70
Error: (06/14/2013 00:00:04 AM) (Source: Application Hang)(User: )
Description: Gw2.exe1.0.0.1e0001ce686da3a62ba0153C:\Program Files (x86)\Guild Wars 2\Gw2.exe985853f6-d474-11e2-b57d-bc5ff447db70
Error: (06/08/2013 11:25:04 PM) (Source: Application Hang)(User: )
Description: League of Legends.exe3.7.0.328193001ce648e834b21ed16C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League of Legends.exe
Error: (05/27/2013 11:05:54 PM) (Source: Application Error)(User: )
Description: ICQ7.exe14.0.0.1624626b2f4MoveIt.dll_unloaded0.0.0.04fa119efc00000056b84cfde152c01ce5b1ddf98891fC:\Users\***\AppData\Local\Temp\{214498CD-0CFD-4CD1-8284-61B0D4442091}\ICQ7.exeMoveIt.dll37aaba5a-c711-11e2-bd1b-bc5ff447db70
Error: (05/04/2013 03:24:37 PM) (Source: Application Error)(User: )
Description: firefox.exe20.0.1.484751650aeexul.dll20.0.1.484751650a09c0000005000b10e8a6c01ce48b48892f2deC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllf7027636-b4bd-11e2-a3dd-bc5ff447db70
Error: (04/26/2013 11:59:25 AM) (Source: ATIeRecord)(User: )
Description:
Error: (04/16/2013 07:50:32 PM) (Source: MsiInstaller)(User: ***-PC)
Description: Product: Motorola Mobile Drivers Installation 5.2.0 -- Unable to install because a newer version of this product is already installed.(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8087.03 MB
Available physical RAM: 5987.54 MB
Total Pagefile: 16172.25 MB
Available Pagefile: 13815.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:30.37 GB) NTFS (Disk=0 Partition=2)
Drive e: (Tomoko) (Fixed) (Total:931.51 GB) (Free:796.95 GB) NTFS (Disk=1 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 4A52BF3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00230475)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
22.07.2013, 10:49
| #4 | |
| /// the machine /// TB-Ausbilder | Google Redirect VirusCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.07.2013, 17:18
| #5 |
| | Google Redirect VirusCode:
ATTFilter ComboFix 13-07-22.01 - *** 22.07.2013 18:14:48.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8087.6303 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\eapp3hstm.dll
c:\windows\wininit.ini
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-22 bis 2013-07-22 ))))))))))))))))))))))))))))))
.
.
2013-07-22 16:17 . 2013-07-22 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-22 08:46 . 2013-07-22 08:46 -------- d-----w- C:\FRST
2013-07-19 10:14 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F6BF7F0-60FC-4E12-80D4-18AA4FD0909A}\mpengine.dll
2013-07-18 15:33 . 2013-07-18 15:33 -------- d-----w- c:\users\***\AppData\Roaming\Atari
2013-07-11 11:53 . 2013-07-11 11:53 -------- d-----w- c:\program files (x86)\Infogrames
2013-07-10 09:01 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 09:01 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 09:01 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 09:01 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 09:01 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 09:01 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 09:01 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 09:01 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 09:01 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 09:01 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 09:01 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 09:00 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 09:00 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 09:00 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 09:00 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 09:00 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 09:00 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 09:00 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 09:00 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-07 09:30 . 2013-07-07 09:30 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-07-05 16:32 . 2013-07-05 16:32 -------- d-----w- c:\programdata\ATI
2013-07-05 16:32 . 2013-07-05 16:32 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-05 16:30 . 2013-07-05 16:30 -------- d-----w- c:\programdata\Package Cache
2013-07-04 19:08 . 2013-07-04 19:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-04 19:07 . 2013-07-05 09:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-07-04 18:53 . 2013-07-04 18:53 -------- d-----w- c:\program files\Enigma Software Group
2013-07-04 18:52 . 2013-07-04 19:08 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-04 18:52 . 2013-07-04 18:52 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-29 18:55 . 2013-06-30 11:29 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-06-28 13:18 . 2013-06-28 13:18 -------- d-----w- c:\windows\system32\appmgmt
2013-06-26 13:52 . 2013-06-26 13:55 -------- d-----w- c:\users\***\AppData\Roaming\Steganos VPN
2013-06-26 13:52 . 2013-06-26 13:57 -------- d-----w- c:\program files (x86)\OkayFreedom
2013-06-26 13:52 . 2013-06-26 13:52 -------- d-----w- c:\program files (x86)\Common Files\Steganos
2013-06-26 13:51 . 2013-06-26 13:52 -------- d-----w- c:\users\***\AppData\Roaming\Steganos
2013-06-26 13:40 . 2013-06-26 13:48 -------- d-----w- c:\program files (x86)\JDownloader
2013-06-26 13:37 . 2013-06-30 10:58 -------- d-----w- c:\program files (x86)\LyricsFan
2013-06-25 11:45 . 2013-07-18 15:26 -------- d-----w- c:\users\***\AppData\Roaming\DAEMON Tools Lite
2013-06-25 11:45 . 2013-06-25 11:45 -------- d-----w- c:\users\***\AppData\Roaming\OpenCandy
2013-06-25 11:44 . 2013-06-25 11:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 12:29 . 2012-08-08 09:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-20 12:29 . 2012-08-08 09:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 17:16 . 2012-08-03 15:16 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-06-04 23:12 . 2012-04-06 01:09 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-06-04 23:12 . 2012-04-06 01:09 123216 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-06-04 23:12 . 2013-04-16 14:53 113464 ----a-w- c:\windows\system32\atiu9p64.dll
2013-06-04 23:12 . 2012-12-19 19:30 97448 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-06-04 23:11 . 2012-04-06 02:20 1182056 ----a-w- c:\windows\system32\aticfx64.dll
2013-06-04 23:11 . 2012-04-06 02:21 990976 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-06-04 23:11 . 2012-04-06 01:54 8431232 ----a-w- c:\windows\system32\atidxx64.dll
2013-06-04 23:11 . 2012-09-28 01:39 7378560 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-06-04 23:11 . 2013-04-16 14:53 4415256 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-06-04 23:11 . 2013-04-16 14:53 5963328 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-06-04 23:11 . 2013-04-16 14:53 4957536 ----a-w- c:\windows\system32\atiumd6a.dll
2013-06-04 23:11 . 2013-04-16 14:53 6984088 ----a-w- c:\windows\system32\atiumd64.dll
2013-06-04 23:09 . 2013-06-04 23:09 11833856 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-06-04 22:51 . 2013-06-04 22:51 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-06-04 22:51 . 2013-06-04 22:51 98304 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-06-04 22:50 . 2013-06-04 22:50 82944 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-06-04 22:50 . 2013-06-04 22:50 86016 ----a-w- c:\windows\system32\OVDecode64.dll
2013-06-04 22:50 . 2013-06-04 22:50 72704 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-06-04 22:50 . 2013-06-04 22:50 27800576 ----a-w- c:\windows\system32\amdocl64.dll
2013-06-04 22:48 . 2013-06-04 22:48 23421440 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-06-04 22:46 . 2013-06-04 22:46 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-04 22:46 . 2013-06-04 22:46 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-04 22:33 . 2012-04-06 02:10 24250880 ----a-w- c:\windows\system32\atio6axx.dll
2013-06-04 22:27 . 2013-06-04 22:27 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-06-04 22:25 . 2013-06-04 22:25 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-06-04 22:25 . 2013-06-04 22:25 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-06-04 22:25 . 2013-06-04 22:25 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-06-04 22:25 . 2013-06-04 22:25 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-06-04 22:25 . 2013-06-04 22:25 118784 ----a-w- c:\windows\system32\coinst_13.101.dll
2013-06-04 22:24 . 2013-06-04 22:24 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-06-04 22:20 . 2013-06-04 22:20 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-06-04 22:13 . 2013-06-04 22:13 19906560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-06-04 22:03 . 2013-04-16 14:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-06-04 22:03 . 2013-06-04 22:03 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-06-04 22:03 . 2013-06-04 22:03 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-06-04 22:02 . 2013-06-04 22:02 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-06-04 22:00 . 2013-06-04 22:00 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-06-04 22:00 . 2013-06-04 22:00 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-06-04 22:00 . 2013-06-04 22:00 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-06-04 21:36 . 2013-06-04 21:36 95232 ----a-w- c:\windows\system32\amdave64.dll
2013-06-04 21:35 . 2013-06-04 21:35 89600 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-06-04 21:35 . 2012-04-06 01:11 594944 ----a-w- c:\windows\system32\atiadlxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 419840 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-06-04 21:35 . 2013-06-04 21:35 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-06-04 21:35 . 2013-06-04 21:35 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-06-04 21:35 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\system32\atiglpxx.dll
2013-06-04 21:35 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2013-06-04 21:35 . 2013-06-04 21:35 36352 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-06-04 21:35 . 2013-06-04 21:35 608768 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-06-04 21:31 . 2013-06-04 21:31 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-05-13 05:51 . 2013-06-12 09:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 09:02 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 09:02 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 09:02 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 09:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 09:02 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 09:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 09:02 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:02 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:02 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 09:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 09:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 09:02 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2012-08-03 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 09:02 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 09:02 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 09:02 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-24 16:31 . 2013-04-24 16:31 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-04-24 16:30 . 2013-04-24 16:30 110080 ----a-w- c:\windows\system32\DelayAPO.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\***\AppData\Roaming\ICQM\icq.exe" [2013-05-27 27598184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 12:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8081
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=760472cd-0b03-4d48-865a-3ffa828c3424&searchtype=ds&q={searchTerms}&installDate=25/06/2013
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default-1373189917704\
FF - ExtSQL: 2013-07-07 11:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default-1373189917704\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Idwkiggzfw - c:\users\***\AppData\Roaming\eapp3hstm.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-22 18:18:04
ComboFix-quarantined-files.txt 2013-07-22 16:18
.
Vor Suchlauf: 13 Verzeichnis(se), 39.633.768.448 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 39.335.378.944 Bytes frei
.
- - End Of File - - 88A2923F6008C8C64F80C59994EC624B
D41D8CD98F00B204E9800998ECF8427E
|
|
22.07.2013, 17:47
| #6 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Google Redirect Virus |
|
22.07.2013, 21:05
| #7 |
| | Google Redirect VirusCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows 7 Ultimate x64
Ran by ***on 22.07.2013 at 21:17:26,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-544980805-664143180-42844824-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\esw1vysc.default-1373189917704\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2013 at 21:19:50,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 21:14:18 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***- ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\LyricsFan
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default-1373189917704\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2090 octets] - [22/07/2013 21:14:18]
########## EOF - C:\AdwCleaner[S1].txt - [2150 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by ***(administrator) on 22-07-2013 21:58:37
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [icq] - C:\Users\***\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [676608 2013-06-04] (Advanced Micro Devices, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8081
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 21:58 - 2013-07-22 21:58 - 01779447 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 21:19 - 2013-07-22 21:19 - 00002170 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 21:17 - 2013-07-22 21:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 21:16 - 2013-07-22 21:16 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 21:16 - 2013-07-22 21:16 - 00002215 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 21:14 - 2013-07-22 21:14 - 00002215 _____ C:\AdwCleaner[S1].txt
2013-07-22 21:13 - 2013-07-22 21:13 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 18:18 - 2013-07-22 18:18 - 00024764 _____ C:\ComboFix.txt
2013-07-22 18:13 - 2013-07-22 18:18 - 00000000 ____D C:\Qoobox
2013-07-22 18:13 - 2013-07-22 18:17 - 00000000 ____D C:\Windows\erdnt
2013-07-22 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-22 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-22 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 18:12 - 2013-07-22 18:13 - 05091940 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-22 10:43 - 2013-07-22 21:15 - 00001670 _____ C:\Windows\PFRO.log
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:26 - 2013-07-21 21:49 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-11 23:07 - 2013-07-22 21:15 - 00001232 _____ C:\Windows\setupact.log
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 19:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 11:01 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:01 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:01 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:01 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:00 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-04 21:08 - 2013-07-04 21:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 21:07 - 2013-07-05 11:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-07-04 20:52 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-03 12:35 - 2013-07-05 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-29 20:55 - 2013-06-30 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-26 16:29 - 2012-01-18 12:06 - 00152576 _____ (Fighting For Fun) C:\Users\***\Downloads\EA_Keygen.exe
2013-06-26 15:52 - 2013-06-26 15:57 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:52 - 2013-06-26 15:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:51 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 15:40 - 2013-06-26 15:48 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-25 13:45 - 2013-07-18 17:26 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-06-25 13:44 - 2013-06-25 13:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== One Month Modified Files and Folders =======
2013-07-22 21:58 - 2013-07-22 21:58 - 01779447 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 21:22 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 21:22 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 21:19 - 2013-07-22 21:19 - 00002170 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 21:19 - 2009-07-14 19:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-07-22 21:19 - 2009-07-14 19:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-07-22 21:19 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 21:17 - 2013-07-22 21:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 21:16 - 2013-07-22 21:16 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 21:16 - 2013-07-22 21:16 - 00002215 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 21:15 - 2013-07-22 10:43 - 00001670 _____ C:\Windows\PFRO.log
2013-07-22 21:15 - 2013-07-11 23:07 - 00001232 _____ C:\Windows\setupact.log
2013-07-22 21:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 21:14 - 2013-07-22 21:14 - 00002215 _____ C:\AdwCleaner[S1].txt
2013-07-22 21:14 - 2013-01-17 19:43 - 01763704 _____ C:\Windows\WindowsUpdate.log
2013-07-22 21:13 - 2013-07-22 21:13 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 21:12 - 2012-11-23 16:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 18:18 - 2013-07-22 18:18 - 00024764 _____ C:\ComboFix.txt
2013-07-22 18:18 - 2013-07-22 18:13 - 00000000 ____D C:\Qoobox
2013-07-22 18:17 - 2013-07-22 18:13 - 00000000 ____D C:\Windows\erdnt
2013-07-22 18:17 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-22 18:13 - 2013-07-22 18:12 - 05091940 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:49 - 2013-07-21 21:26 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:26 - 2012-08-03 16:59 - 00000000 ____D C:\Users\***
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-20 23:56 - 2012-08-04 13:43 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-20 14:29 - 2012-11-23 16:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 14:29 - 2012-08-08 11:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 14:29 - 2012-08-08 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 14:28 - 2012-08-27 20:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-18 17:29 - 2013-06-19 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-18 17:28 - 2012-08-03 17:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 17:26 - 2013-06-25 13:45 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-07-17 23:00 - 2012-11-23 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-17 23:00 - 2012-08-04 13:43 - 00000000 ____D C:\ProgramData\Skype
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 14:06 - 2012-08-03 17:55 - 00000000 ____D C:\Windows\Panther
2013-07-11 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 20:18 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:18 - 2009-07-14 06:45 - 00294112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:16 - 2012-08-03 17:16 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-06 12:24 - 2012-08-03 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:32 - 2012-08-03 19:12 - 00000000 ____D C:\ProgramData\AMD
2013-07-05 18:31 - 2012-08-03 19:10 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 18:29 - 2012-08-16 16:39 - 00000000 ____D C:\AMD
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-05 11:47 - 2013-07-03 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-05 11:32 - 2013-07-04 21:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-04 21:12 - 2013-07-04 21:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 21:08 - 2013-07-04 20:52 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-06-30 13:29 - 2013-06-29 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-28 15:16 - 2013-06-19 20:24 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-06-26 15:57 - 2013-06-26 15:52 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:55 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:52 - 2013-06-26 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 15:48 - 2013-06-26 15:40 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-26 12:40 - 2013-06-17 13:45 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-06-25 13:47 - 2013-06-25 13:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-14 16:12
==================== End Of Log ============================
--- --- --- |
|
23.07.2013, 08:58
| #8 |
| /// the machine /// TB-Ausbilder | Google Redirect VirusESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.07.2013, 13:14
| #9 |
| | Google Redirect Virus Erstmal vielen dank für die ganzen Anleitungen. Im moment funktioniert alles wieder Ich hoffe das bleibt auch so. Vielen vielen Dank!!!Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=682c3902c94f2548967e987c5e5b7147
# engine=14500
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 11:48:04
# local_time=2013-07-23 01:48:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 52795 240003374 45579 0
# compatibility_mode=5893 16776573 100 94 1949 126209934 0 0
# scanned=214005
# found=1
# cleaned=0
# scan_time=1640
sh=9C0889E9432A9234021D47380AD2246B7302E23D ft=1 fh=df0cf4f23fbf8209 vn="Win32/Ponmocup.HD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\***\AppData\Roaming\eapp3hstm.dll.vir"
Code:
ATTFilter Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by ***(administrator) on 23-07-2013 14:07:10
Running from C:\Users\***\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\Users\***\Desktop\SecurityCheck.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [icq] - C:\Users\***\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [676608 2013-06-04] (Advanced Micro Devices, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:8081
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\esw1vysc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-23 14:07 - 2013-07-23 14:07 - 00000815 _____ C:\Users\***\Desktop\checkup.txt
2013-07-23 14:04 - 2013-07-23 14:04 - 00891062 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-23 13:15 - 2013-07-23 13:15 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 13:14 - 2013-07-23 13:14 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-07-22 21:58 - 2013-07-22 21:58 - 01779447 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 21:19 - 2013-07-22 21:19 - 00002170 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 21:17 - 2013-07-22 21:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 21:16 - 2013-07-22 21:16 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 21:14 - 2013-07-22 21:14 - 00002215 _____ C:\AdwCleaner[S1].txt
2013-07-22 21:13 - 2013-07-22 21:13 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 18:18 - 2013-07-22 18:18 - 00024764 _____ C:\ComboFix.txt
2013-07-22 18:13 - 2013-07-22 18:18 - 00000000 ____D C:\Qoobox
2013-07-22 18:13 - 2013-07-22 18:17 - 00000000 ____D C:\Windows\erdnt
2013-07-22 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-22 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-22 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-22 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 18:12 - 2013-07-22 18:13 - 05091940 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-22 10:43 - 2013-07-22 21:15 - 00001670 _____ C:\Windows\PFRO.log
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:26 - 2013-07-21 21:49 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-11 23:07 - 2013-07-23 13:11 - 00001344 _____ C:\Windows\setupact.log
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 19:15 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:15 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:15 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:15 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:15 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:15 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:15 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 11:01 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:01 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:01 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:01 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:00 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-04 21:08 - 2013-07-04 21:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-07-04 20:52 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-03 12:35 - 2013-07-05 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-29 20:55 - 2013-06-30 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-26 16:29 - 2012-01-18 12:06 - 00152576 _____ (Fighting For Fun) C:\Users\***\Downloads\EA_Keygen.exe
2013-06-26 15:52 - 2013-06-26 15:57 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:52 - 2013-06-26 15:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:51 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-25 13:45 - 2013-07-18 17:26 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-06-25 13:44 - 2013-06-25 13:47 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== One Month Modified Files and Folders =======
2013-07-23 14:07 - 2013-07-23 14:07 - 00000815 _____ C:\Users\***\Desktop\checkup.txt
2013-07-23 14:04 - 2013-07-23 14:04 - 00891062 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-23 13:18 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 13:18 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 13:16 - 2013-01-17 19:43 - 01836254 _____ C:\Windows\WindowsUpdate.log
2013-07-23 13:16 - 2009-07-14 19:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-07-23 13:16 - 2009-07-14 19:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-07-23 13:16 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 13:15 - 2013-07-23 13:15 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-23 13:14 - 2013-07-23 13:14 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-07-23 13:12 - 2012-11-23 16:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 13:11 - 2013-07-11 23:07 - 00001344 _____ C:\Windows\setupact.log
2013-07-23 13:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 21:58 - 2013-07-22 21:58 - 01779447 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 21:19 - 2013-07-22 21:19 - 00002170 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 21:17 - 2013-07-22 21:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 21:16 - 2013-07-22 21:16 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 21:15 - 2013-07-22 10:43 - 00001670 _____ C:\Windows\PFRO.log
2013-07-22 21:14 - 2013-07-22 21:14 - 00002215 _____ C:\AdwCleaner[S1].txt
2013-07-22 21:13 - 2013-07-22 21:13 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 18:18 - 2013-07-22 18:18 - 00024764 _____ C:\ComboFix.txt
2013-07-22 18:18 - 2013-07-22 18:13 - 00000000 ____D C:\Qoobox
2013-07-22 18:17 - 2013-07-22 18:13 - 00000000 ____D C:\Windows\erdnt
2013-07-22 18:17 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-22 18:13 - 2013-07-22 18:12 - 05091940 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-22 10:47 - 2013-07-22 10:47 - 00019833 _____ C:\Users\***\Downloads\Addition.txt
2013-07-22 10:46 - 2013-07-22 10:46 - 00000000 ____D C:\FRST
2013-07-21 22:08 - 2013-07-21 22:08 - 00003409 _____ C:\Users\***\Downloads\Gmer.txt
2013-07-21 21:58 - 2013-07-21 21:58 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-21 21:57 - 2013-07-21 21:57 - 00074734 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-21 21:54 - 2013-07-21 21:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL.exe
2013-07-21 21:49 - 2013-07-21 21:26 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-21 21:26 - 2013-07-21 21:26 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 21:26 - 2012-08-03 16:59 - 00000000 ____D C:\Users\***
2013-07-21 21:25 - 2013-07-21 21:25 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-07-21 12:44 - 2012-08-03 19:38 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-20 23:56 - 2012-08-04 13:43 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-20 14:29 - 2012-11-23 16:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 14:29 - 2012-08-08 11:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 14:29 - 2012-08-08 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 14:28 - 2012-08-27 20:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-18 17:33 - 2013-07-18 17:33 - 00000000 ____D C:\Users\***\AppData\Roaming\Atari
2013-07-18 17:29 - 2013-06-19 20:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-18 17:28 - 2012-08-03 17:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 17:26 - 2013-06-25 13:45 - 00000000 ____D C:\Users\***\AppData\Roaming\DAEMON Tools Lite
2013-07-17 23:00 - 2012-11-23 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-17 23:00 - 2012-08-04 13:43 - 00000000 ____D C:\ProgramData\Skype
2013-07-11 23:07 - 2013-07-11 23:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-11 14:06 - 2012-08-03 17:55 - 00000000 ____D C:\Windows\Panther
2013-07-11 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-11 13:53 - 2013-07-11 13:53 - 00000000 ____D C:\Program Files (x86)\Infogrames
2013-07-10 20:18 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 20:18 - 2009-07-14 06:45 - 00294112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 19:16 - 2012-08-03 17:16 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 11:30 - 2013-07-07 11:30 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-06 12:24 - 2012-08-03 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\ProgramData\ATI
2013-07-05 18:32 - 2013-07-05 18:32 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-05 18:32 - 2012-08-03 19:12 - 00000000 ____D C:\ProgramData\AMD
2013-07-05 18:31 - 2012-08-03 19:10 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-05 18:30 - 2013-07-05 18:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-05 18:29 - 2012-08-16 16:39 - 00000000 ____D C:\AMD
2013-07-05 11:51 - 2013-07-05 11:51 - 02828552 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-07-05 11:47 - 2013-07-03 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 21:12 - 2013-07-04 21:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-04 21:08 - 2013-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-04 21:08 - 2013-07-04 20:52 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-04 20:53 - 2013-07-04 20:53 - 00000000 _____ C:\autoexec.bat
2013-06-30 13:29 - 2013-06-29 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 15:18 - 2013-06-28 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2013-06-28 15:16 - 2013-06-19 20:24 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-06-26 15:57 - 2013-06-26 15:52 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2013-06-26 15:55 - 2013-06-26 15:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos VPN
2013-06-26 15:52 - 2013-06-26 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Steganos
2013-06-26 12:40 - 2013-06-26 12:40 - 00005715 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-06-26 12:40 - 2013-06-17 13:45 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-06-25 13:47 - 2013-06-25 13:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-24 12:31 - 2013-06-24 12:31 - 00000000 ____D C:\Users\***\Downloads\AS_SSD17_Benchmark
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-14 16:12
==================== End Of Log ============================
--- --- --- |
|
23.07.2013, 14:09
| #10 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Google Redirect Virus |
| adobe, antivir, autorun, avira, bho, browser, desktop, explorer, flash player, format, google, google redirect, installation, logfile, mozilla, object, realtek, registry, rundll, scan, seiten, software, temp, usb, virus, windows |
Linear-Darstellung
