Log analysis and evaluation: Only Internet Explorer has an Internet connection (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.07.2013, 10:57 | #1 |
Only Internet Explorer has an Internet connection
Other browsers or mail programs cannot use the existing Internet connection. Other programs that obtain updates over the Internet (e.g. AVAST) are also affected. Anti-virus programs can only be updated manually. The Internet connection via the Fritz-Box can hardly be to blame, since IE works and a notebook can connect via Wi-Fi. Windows updates do work, though.
28.07.2013, 11:40 | #2 |
/// the machine /// TB Trainer
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
28.07.2013, 15:47 | #3 |
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Andy & Lena (administrator) on 28-07-2013 16:41:11
Running from C:\Users\Andy & Lena\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\Service\BitBoxService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-06-24] (RealNetworks, Inc.)
HKU\Administrator\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [366024 2011-09-28] (IncrediMail, Ltd.)
HKU\Administrator\...\Run: [EPSON Stylus DX4400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_SD1B0.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Policies\system: [DisableChangePassword] 0
HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0
HKU\Administrator\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Administrator\...\Policies\system: [HideLogoffScripts] 0
HKU\Administrator\...\Policies\system: [HideLogonScripts] 0
HKU\Administrator\...\Policies\system: [NoColorChoice] 0
HKU\Administrator\...\Policies\system: [NoDispAppearancePage] 0
HKU\Administrator\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Administrator\...\Policies\system: [NoDispCPL] 0
HKU\Administrator\...\Policies\system: [NoDispScrSavPage] 0
HKU\Administrator\...\Policies\system: [NoDispSettingsPage] 0
HKU\Administrator\...\Policies\system: [NoSizeChoice] 0
HKU\Administrator\...\Policies\system: [NoVisualStyleChoice] 0
HKU\Default\...\Run: [StartUp This] - "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [x]
HKU\Default User\...\Run: [StartUp This] - "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [x]
Startup: C:\Users\Andy & Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\ANDY&L~1\AppData\Local\Temp\pybiwtptwsfffyqckkj.bfg ()
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %SystemRoot%\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2722653
SearchScopes: HKLM-x32 - {230169A5-BE34-4219-9E9B-C4F204C7B519} URL = google - Search Page
SearchScopes: HKLM-x32 - {9278660D-588A-4C74-8344-452016F55528} URL = google - Search Page
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2722653
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/german/?search={searchTerms}&loc=search_box&a=6R7NvjZWId
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=f6a564360000000000000026188fddf0
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f6a56436000000000000000000000000&tlver=1.4.19.19&ss=1&affID=17395
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={D00A449A-4E56-4B74-8111-5A6145FC20DD}&mid=775bc98d966663a81485c41dba4ddaa3-3caad277db32ff8263ad0ccceca43f767a7c4806&lang=de&ds=AVG&pr=fr&d=2011-12-29 19:10:25&v=9.0.0.23&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/german/?search={searchTerms}&loc=search_box&a=6R7NvjZWId
SearchScopes: HKCU - {F6008133-C40B-479D-B057-12F15387E183} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DownloadHelper Class - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelperx64.dll (IE Download Helper)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {C9508125-4747-4733-B048-E4B82DC9716D} - No File
Toolbar: HKCU - No Name - {D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4} - No File
Toolbar: HKCU - No Name - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\SysWOW64\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - No File
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWOW64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [12872704 2013-02-27] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 02 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 03 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 04 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 05 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 06 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 07 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog9 14 C:\Program Files (x86)\Ashampoo\Ashampoo FireWall\spi.dll [393728] ()
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andy & Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2sa2n.default
FF user.js: detected! => C:\Users\Andy & Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ufg2sa2n.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=119828&babsrc=NT_ss&mntrId=f6a564360000000000000026188fddf0
FF SelectedSearchEngine: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=119828&babsrc=HP_ss&mntrId=f6a564360000000000000026188fddf0
FF Keyword.URL: hxxp://search.babylon.com/?affID=119828&babsrc=KW_ss&mntrId=f6a564360000000000000026188fddf0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\PROGRA~2\SONYON~1\npsoe.dll ()
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\PROGRA~2\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andy & Lena\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andy & Lena\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [jqs@sun.com] C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF HKLM-x32\...\Firefox\Extensions: [{fa46cb24-1d5b-4048-911a-2857a0944395}] C:\Program Files (x86)\FVD Suite\addons\Firefox
FF Extension: No Name - C:\Program Files (x86)\FVD Suite\addons\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [flashcatch@flashcatch.com] C:\Program Files (x86)\FlashCatch\firefox
FF Extension: FlashCatch - C:\Program Files (x86)\FlashCatch\firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
FF Extension: AVG E-mail Scanner - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\Service\BitBoxService.exe [718848 2012-06-22] (Sirrix AG)
R2 BITS; C:\Windows\SysWow64\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101376 2013-02-25] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-25] (Ellora Assets Corp.)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre6\bin\jqs.exe [153376 2012-02-25] (Sun Microsystems, Inc.)
R2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [96768 2008-04-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2012-04-03] ()
S2 MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS32.exe [207664 2006-10-13] (Microsoft Corporation)
S4 O&O DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [3382528 2009-09-15] ()
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWow64\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2008-10-24] ()
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [193536 2008-04-14] (Microsoft Corporation)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [297472 2008-04-14] (Microsoft Corporation)
S4 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [145224 2009-10-08] (H+H Software GmbH)
R2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1809944 2008-10-16] (Microsoft Corporation)
S4 M4-Service; C:\Users\Andy & Lena\AppData\Roaming\Mikogo 4\M4-Service.exe [x]
S2 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 ASPI; C:\Windows\SysWow64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\ADA.tmp [6144 2011-05-12] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\ADA.tmp [6144 2011-05-12] (Sophos Plc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [117256 2009-09-15] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [39944 2009-09-15] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [207368 2009-09-15] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [42504 2009-09-15] (O&O Software GmbH)
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [96768 2009-07-23] ()
R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [122880 2008-12-19] ()
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10951552 2009-07-17] (Sonix Co. Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [x]
S3 BlueletAudio; No ImagePath
S3 BlueletSCOAudio; No ImagePath
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 BTCOM; system32\DRIVERS\btcomport.sys [x]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S3 BTHidEnum; No ImagePath
S0 BTHidMgr; No ImagePath
S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [x]
S3 MotDev; system32\DRIVERS\motodrv.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [x]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S0 SpiderG3; system32\drivers\spiderg3.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-28 16:40 - 2013-07-28 16:40 - 01780547 _____ (Farbar) C:\Users\Andy & Lena\Desktop\FRST64.exe
2013-07-28 16:40 - 2013-07-28 16:40 - 00000000 ____D C:\FRST
2013-07-28 11:29 - 2013-07-28 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Andy & Lena\Desktop\OTL.exe
2013-07-28 11:20 - 2013-07-28 11:20 - 01548728 _____ C:\Users\Andy & Lena\Desktop\gmer2.log
2013-07-28 10:36 - 2013-07-28 10:36 - 00029552 _____ C:\Users\Andy & Lena\Desktop\blueboyandy-gmer.log
2013-07-27 13:11 - 2013-07-27 13:11 - 00093656 _____ C:\Users\Andy & Lena\Desktop\Extrasblueboyandy.txt
2013-07-27 13:10 - 2013-07-27 13:10 - 00211532 _____ C:\Users\Andy & Lena\Desktop\OTLblueboyandy.Txt
2013-07-27 13:08 - 2013-07-28 10:27 - 00377856 _____ C:\Users\Andy & Lena\Desktop\gmer_2.1.19163.exe
2013-07-27 13:08 - 2013-07-27 13:08 - 00093656 _____ C:\Users\Andy & Lena\Desktop\Extras.Txt
2013-07-27 13:07 - 2013-07-27 13:07 - 00211532 _____ C:\Users\Andy & Lena\Desktop\OTL.Txt
2013-07-27 12:56 - 2013-07-27 12:56 - 00000000 _____ C:\Users\Andy & Lena\defogger_reenable
2013-07-27 12:54 - 2013-07-27 12:54 - 00000256 _____ C:\Users\Andy & Lena\Desktop\defogger_enable.log
2013-07-27 12:52 - 2013-07-27 12:56 - 00000484 _____ C:\Users\Andy & Lena\Desktop\defogger_disable.log
2013-07-27 12:51 - 2013-07-27 12:51 - 00050477 _____ C:\Users\Andy & Lena\Desktop\Defogger.exe
2013-07-27 12:48 - 2013-07-27 12:48 - 00050477 _____ C:\Users\Andy & Lena\Downloads\Defogger.exe
2013-07-25 12:39 - 2013-07-28 13:12 - 1555808013 _____ C:\Windows\MEMORY.DMP
2013-07-25 12:39 - 2013-07-25 12:39 - 00285376 _____ C:\Windows\Minidump\072513-27066-01.dmp
2013-07-25 11:07 - 2013-07-28 16:32 - 00000728 _____ C:\Windows\setupact.log
2013-07-25 11:07 - 2013-07-25 11:07 - 00000000 _____ C:\Windows\setuperr.log
2013-07-24 22:05 - 2013-07-25 22:30 - 00022762 _____ C:\Windows\IE10_main.log
2013-07-18 13:20 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-18 13:20 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-17 22:34 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-17 22:34 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-17 22:34 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-17 22:34 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-17 22:34 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-17 22:34 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-17 22:34 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-17 22:34 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-17 22:34 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-17 22:34 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-17 22:34 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-17 22:34 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-17 22:34 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-17 22:34 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-17 22:34 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-17 22:34 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-17 22:34 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-17 22:34 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-17 22:34 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-17 22:34 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-17 22:34 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-17 22:34 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-17 22:34 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-17 22:34 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-17 22:34 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-17 22:34 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-17 22:34 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-17 22:34 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-17 22:34 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-17 22:34 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-17 22:34 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-17 22:34 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-17 18:25 - 2013-07-17 18:25 - 38103832 _____ (Amazon.com) C:\Users\Andy & Lena\Downloads\KindleForPC-installer.exe
2013-07-17 18:23 - 2013-07-17 18:29 - 00001973 _____ C:\Users\Andy & Lena\Desktop\Kindle.lnk
2013-07-17 18:23 - 2013-07-17 18:29 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\ANDY&L~1\AppData\Local\Amazon
2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\Andy & Lena\Documents\My Kindle Content
2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\Andy & Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-07-16 18:39 - 2013-07-16 18:39 - 00000165 _____ C:\ProgramData\jkkcqyfffswtptwibyp.reg
2013-07-16 18:39 - 2013-07-16 18:39 - 00000070 _____ C:\ProgramData\jkkcqyfffswtptwibyp.bat
2013-07-15 19:51 - 2013-07-15 19:51 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8183f15f0a7f.job
2013-07-12 18:32 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 18:32 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 18:32 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 18:32 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 18:31 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-05 19:59 - 2013-07-05 19:59 -
00005413 _____ C:\Users\Andy & Lena\Downloads\Part_2.html 2013-07-02 20:57 - 2013-07-02 20:58 - 297779291 ____T C:\Users\Andy & Lena\Desktop\Neutral 2013-07-01 19:50 - 2013-07-01 20:06 - 00000000 ____D C:\Users\Andy & Lena\Documents\IncrediMail Transferred Data 2013-07-01 19:17 - 2013-07-01 19:17 - 00017920 ___SH C:\Users\Andy & Lena\Thumbs.db 110 ==================== One Month Modified Files and Folders ======= 2018-01-01 18:45 - 2012-11-25 18:33 - 00000000 ____D C:\Users\Andy & Lena\.VirtualBox 2017-12-31 20:48 - 2017-12-31 20:48 - 00000000 ____D C:\Users\Andy & Lena\Downloads\BitBoxPrint 2013-07-28 16:40 - 2013-07-28 16:40 - 01780547 _____ (Farbar) C:\Users\Andy & Lena\Desktop\FRST64.exe 2013-07-28 16:40 - 2013-07-28 16:40 - 00000000 ____D C:\FRST 2013-07-28 16:32 - 2013-07-25 11:07 - 00000728 _____ C:\Windows\setupact.log 2013-07-28 14:37 - 2012-04-04 04:02 - 01185334 _____ C:\Windows\WindowsUpdate.log 2013-07-28 13:20 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-28 13:20 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-28 13:12 - 2013-07-25 12:39 - 1555808013 _____ C:\Windows\MEMORY.DMP 2013-07-28 13:12 - 2012-03-26 18:19 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-28 13:12 - 2009-12-06 09:31 - 00000000 ____D C:\Windows\Minidump 2013-07-28 13:12 - 2009-07-14 07:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-28 13:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-28 12:21 - 2010-12-18 23:11 - 00000000 ____D C:\Users\Andy & Lena\Desktop\Yuliya 2013-07-28 12:06 - 2009-12-05 16:08 - 00000000 ____D C:\Users\Andy & Lena 2013-07-28 11:51 - 2009-12-06 11:42 - 00000000 ____D C:\Users\Andy & Lena\AppData\Roaming\Real 2013-07-28 11:29 - 2013-07-28 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Andy & Lena\Desktop\OTL.exe 2013-07-28 11:20 - 
2013-07-28 11:20 - 01548728 _____ C:\Users\Andy & Lena\Desktop\gmer2.log 2013-07-28 10:36 - 2013-07-28 10:36 - 00029552 _____ C:\Users\Andy & Lena\Desktop\blueboyandy-gmer.log 2013-07-28 10:27 - 2013-07-27 13:08 - 00377856 _____ C:\Users\Andy & Lena\Desktop\gmer_2.1.19163.exe 2013-07-27 13:11 - 2013-07-27 13:11 - 00093656 _____ C:\Users\Andy & Lena\Desktop\Extrasblueboyandy.txt 2013-07-27 13:10 - 2013-07-27 13:10 - 00211532 _____ C:\Users\Andy & Lena\Desktop\OTLblueboyandy.Txt 2013-07-27 13:08 - 2013-07-27 13:08 - 00093656 _____ C:\Users\Andy & Lena\Desktop\Extras.Txt 2013-07-27 13:07 - 2013-07-27 13:07 - 00211532 _____ C:\Users\Andy & Lena\Desktop\OTL.Txt 2013-07-27 12:56 - 2013-07-27 12:56 - 00000000 _____ C:\Users\Andy & Lena\defogger_reenable 2013-07-27 12:56 - 2013-07-27 12:52 - 00000484 _____ C:\Users\Andy & Lena\Desktop\defogger_disable.log 2013-07-27 12:54 - 2013-07-27 12:54 - 00000256 _____ C:\Users\Andy & Lena\Desktop\defogger_enable.log 2013-07-27 12:51 - 2013-07-27 12:51 - 00050477 _____ C:\Users\Andy & Lena\Desktop\Defogger.exe 2013-07-27 12:48 - 2013-07-27 12:48 - 00050477 _____ C:\Users\Andy & Lena\Downloads\Defogger.exe 2013-07-26 16:30 - 2009-12-22 20:47 - 00000000 ____D C:\Program Files\MyDefrag v4.2.7 2013-07-25 22:30 - 2013-07-24 22:05 - 00022762 _____ C:\Windows\IE10_main.log 2013-07-25 12:39 - 2013-07-25 12:39 - 00285376 _____ C:\Windows\Minidump\072513-27066-01.dmp 2013-07-25 11:07 - 2013-07-25 11:07 - 00000000 _____ C:\Windows\setuperr.log 2013-07-24 20:08 - 2012-01-14 19:02 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-22 09:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-22 09:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-19 13:10 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-07-19 13:10 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat 2013-07-19 13:10 - 2009-07-14 07:13 - 01612484 _____ 
C:\Windows\system32\PerfStringBackup.INI 2013-07-18 13:15 - 2009-07-14 06:45 - 00391976 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 22:37 - 2009-12-10 20:17 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-17 22:22 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-17 18:29 - 2013-07-17 18:23 - 00001973 _____ C:\Users\Andy & Lena\Desktop\Kindle.lnk 2013-07-17 18:29 - 2013-07-17 18:23 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-07-17 18:25 - 2013-07-17 18:25 - 38103832 _____ (Amazon.com) C:\Users\Andy & Lena\Downloads\KindleForPC-installer.exe 2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\ANDY&L~1\AppData\Local\Amazon 2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\Andy & Lena\Documents\My Kindle Content 2013-07-17 18:23 - 2013-07-17 18:23 - 00000000 ____D C:\Users\Andy & Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2013-07-16 18:39 - 2013-07-16 18:39 - 00000165 _____ C:\ProgramData\jkkcqyfffswtptwibyp.reg 2013-07-16 18:39 - 2013-07-16 18:39 - 00000070 _____ C:\ProgramData\jkkcqyfffswtptwibyp.bat 2013-07-16 18:39 - 2009-12-05 16:08 - 00000000 ___RD C:\Users\Andy & Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-15 19:51 - 2013-07-15 19:51 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce8183f15f0a7f.job 2013-07-12 13:55 - 2012-04-07 12:31 - 00000116 _____ C:\Windows\NeroDigital.ini 2013-07-12 13:55 - 2010-01-06 00:11 - 00000214 _____ C:\Users\Andy & Lena\AppData\Roaming\default.rss 2013-07-12 13:41 - 2010-04-27 18:52 - 00000103 _____ C:\Users\Andy & Lena\AppData\default.pls 2013-07-12 13:21 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew 2013-07-12 13:20 - 2009-12-05 19:55 - 00000000 ____D C:\Users\Administrator 2013-07-12 13:19 - 2009-12-05 20:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-12 13:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-12 13:18 - 2009-12-05 
23:07 - 00000000 ____D C:\ProgramData\Adobe 2013-07-11 19:15 - 2009-12-06 10:52 - 00000000 ____D C:\Users\ANDY&L~1\AppData\Local\Adobe 2013-07-08 17:10 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-07-08 17:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-08 17:10 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-07 22:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-05 19:59 - 2013-07-05 19:59 - 00005413 _____ C:\Users\Andy & Lena\Downloads\Part_2.html 2013-07-02 20:58 - 2013-07-02 20:57 - 297779291 ____T C:\Users\Andy & Lena\Desktop\Neutral 2013-07-02 20:42 - 2009-12-06 10:55 - 00000000 ____D C:\Users\ANDY&L~1\AppData\Local\IM 2013-07-01 20:06 - 2013-07-01 19:50 - 00000000 ____D C:\Users\Andy & Lena\Documents\IncrediMail Transferred Data 2013-07-01 19:17 - 2013-07-01 19:17 - 00017920 ___SH C:\Users\Andy & Lena\Thumbs.db 2013-06-30 23:12 - 2012-08-29 22:46 - 08403721 _____ C:\Users\ANDY&L~1\AppData\Local\census.cache 2013-06-30 23:04 - 2012-08-29 22:42 - 00179465 _____ C:\Users\ANDY&L~1\AppData\Local\ars.cache 2013-06-30 16:43 - 2010-04-19 22:06 - 00000000 __RSD C:\Users\Andy & Lena\Documents\My Stationery 2013-06-30 16:43 - 2010-04-01 22:23 - 00000000 ___RD C:\Users\Andy & Lena\Desktop\Converter 2013-06-30 16:43 - 2009-12-06 14:46 - 00000000 ___RD C:\Users\Andy & Lena\Favoriten 2013-06-30 16:40 - 2011-03-24 19:16 - 00000000 ____D C:\Users\Andy & Lena\Downloads\settings.php-Dateien 2013-06-30 16:40 - 2010-12-19 19:54 - 00000000 ____D C:\Users\Andy & Lena\dwhelper 2013-06-30 16:40 - 2010-12-14 00:37 - 00000000 ____D C:\Users\Andy & Lena\Downloads\success-Dateien 2013-06-30 16:40 - 2010-12-14 00:37 - 00000000 ____D C:\Users\Andy & Lena\Downloads\holubovsky-Dateien 2013-06-30 16:40 - 2010-12-04 19:49 - 00000000 ____D C:\Users\Andy & Lena\Downloads\webhosting-Dateien 2013-06-30 16:40 - 2010-11-24 20:29 - 00000000 ____D C:\Users\Andy & 
Lena\Downloads\webscr-Dateien 2013-06-30 16:40 - 2010-01-24 22:44 - 00000000 ____D C:\Users\Andy & Lena\Tiere 2013-06-30 16:40 - 2009-12-29 13:48 - 00000000 ____D C:\Users\Andy & Lena\Filme 2013-06-30 16:40 - 2009-12-26 21:03 - 00000000 ____D C:\Users\Andy & Lena\Documents\Bluetooth 2013-06-30 16:40 - 2009-12-06 14:23 - 00000000 ____D C:\Users\Andy & Lena\Documents\viktjuk 2013-06-30 16:40 - 2009-12-06 14:22 - 00000000 ____D C:\Users\Andy & Lena\Documents\Meine empfangenen Dateien 2013-06-28 13:38 - 2012-09-12 18:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-28 13:37 - 2012-04-06 17:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 13:37 - 2011-05-21 12:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-28 13:28 - 2009-12-05 17:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed Files to move or delete: ==================== C:\ProgramData\3abh.bat C:\ProgramData\3abh.pad C:\ProgramData\3abh.reg C:\ProgramData\dzejlo.bat C:\ProgramData\dzejlo.pad C:\ProgramData\dzejlo.reg C:\ProgramData\eqirr9.bat C:\ProgramData\eqirr9.pad C:\ProgramData\eqirr9.reg C:\ProgramData\hjofof.bat C:\ProgramData\hjofof.pad C:\ProgramData\hjofof.reg C:\ProgramData\iwz6li.pad C:\ProgramData\jkkcqyfffswtptwibyp.bat C:\ProgramData\jkkcqyfffswtptwibyp.reg C:\Users\Andy & Lena\AdbeRdr920_de_DE.exe C:\Users\Andy & Lena\avg_free_stf_eu_90_707a1765.exe C:\Users\Andy & Lena\install_flash_player.exe C:\Users\Andy & Lena\MyDefrag-v4.2.7.exe C:\Users\Andy & Lena\Nero-9.4.26.0.exe C:\Users\Andy & Lena\Nero_BackItUpAndBurn-1.2.17b.exe C:\Users\Andy & Lena\setupRynga.exe C:\Users\Andy & Lena\SkypeSetup.exe C:\Users\Andy & Lena\wlsetup-web.exe C:\Users\Andy & Lena\AppData\Roaming\AltShell.ini C:\Users\Andy & Lena\AppData\Roaming\skype.ini C:\Users\Andy & Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk 
C:\Windows\Tasks\{47E7CE66-99E7-496E-9F58-85D886F470C9}.job C:\Windows\Tasks\{6307619E-3FEA-4978-8FE5-D4C7B3A63A14}.job C:\Windows\Tasks\{907960B6-75D6-4D0F-9996-A5A6B68E44B3}.job C:\Windows\Tasks\{A806FA7C-2A27-4E5F-B696-E8BA8913A0E7}.job C:\Windows\Tasks\{B4CC74B3-A9EC-4A2E-AB95-7AC78357E5D3}.job C:\Windows\Tasks\{CB92455B-8D9F-49C6-80A1-B7E287989712}.job ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2009-12-05 18:07 ==================== End Of Log ============================ |
28.07.2013, 16:58 | #4 | |
/// the machine /// TB trainer | Only Internet Explorer has an Internet connection
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart: Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |