Log Analysis and Evaluation: Windows 7 Avira detection Tr/Urausy, what to do?
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.08.2013, 17:44 | #1 |
Windows 7 Avira detection Tr/Urausy, what to do? Hello and good day, I am new here and hope I do everything correctly and to your satisfaction. I ran Avira again and it had 2 detections but only showed me one of them, this Tr/Urausy. I have already read up on it and downloaded Defogger, FRST64 and GMER, followed the instructions and saved everything; I just don't know now how I can upload it here to show it to you. Thanks in advance.
13.08.2013, 17:51 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 Avira detection Tr/Urausy, what to do? hi,
__________________
How it works: posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
13.08.2013, 18:45 | #3 |
Windows 7 Avira detection Tr/Urausy, what to do? So, the defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:30 on 13/08/2013 (phil radon)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 Ran by phil radon (administrator) on 13-08-2013 14:33:02 Running from C:\Users\phil radon\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe () C:\Windows\system32\dmwu.exe () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Akamai Technologies, Inc.) C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Akamai Technologies, Inc.) C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Dropbox, Inc.) C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe () C:\Windows\SysWOW64\jmdp\stij.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) 
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [Facebook Update] - C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-07] (Facebook Inc.) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [tsnpstd3] - C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX) HKLM-x32\...\Run: [NPSStartup] - [x] HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) HKU\Gast\...\Run: [Spotify] - C:\Users\Gast\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-09] (Spotify Ltd) HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\Gast\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27361010n245l0414z165t4642q578 HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. 
URLSearchHook: (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {A1C1CE9F-7480-472C-847E-84A5BC0CD9AD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3E9E4F36-B84B-4616-8D37-8F1CFDF07865&apn_sauid=B83D5566-8D97-4241-90F4-9ECF50DE4957 SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyQh3w5fS&i=26 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default FF NewTab: hxxp://mystart.incredibar.com/mb174?a=6OyQh3w5fS&i=26 FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\phil radon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\askcomsearch.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\searchplugins-backup FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: werkzeugleiste_studierende - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\werkzeugleiste_studierende@uni-greifswald.de.xpi FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: 
[{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG) R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] () R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-06-02] () R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-11-13] (Nitro PDF Software) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. 
KG) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 usbet; C:\Windows\System32\DRIVERS\ETdrv.sys [182912 2010-04-29] (Etron) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-13 14:31 - 2013-08-13 14:32 - 01575190 _____ (Farbar) C:\Users\phil radon\Downloads\FRST64.exe 2013-08-13 14:27 - 2013-08-13 14:30 - 00000482 _____ C:\Users\phil radon\Downloads\defogger_disable.log 2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable 2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Downloads\Defogger.exe 2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög 2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe 2013-08-04 16:35 - 2013-08-04 16:35 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-07-18 17:02 - 2013-07-18 17:03 - 64019968 
_____ C:\Users\phil radon\Documents\Clip0028.AVI 2013-07-17 13:26 - 2013-08-05 17:22 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner (2) 2013-07-17 08:22 - 2013-07-17 08:31 - 00010557 _____ C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-08-13 14:34 - 2010-10-12 12:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-13 14:32 - 2013-08-13 14:32 - 00000000 ____D C:\FRST 2013-08-13 14:32 - 2013-08-13 14:31 - 01575190 _____ (Farbar) C:\Users\phil radon\Downloads\FRST64.exe 2013-08-13 14:30 - 2013-08-13 14:27 - 00000482 _____ C:\Users\phil radon\Downloads\defogger_disable.log 2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable 2013-08-13 14:27 - 2010-10-12 02:39 - 00000000 ____D C:\Users\phil radon 2013-08-13 14:27 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-13 14:27 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Downloads\Defogger.exe 2013-08-13 14:07 - 2010-06-25 20:26 - 01697695 _____ C:\Windows\WindowsUpdate.log 2013-08-13 14:03 - 2013-05-29 08:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-13 12:52 - 2013-03-07 13:22 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA.job 2013-08-13 12:52 - 2013-03-07 13:22 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core.job 2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög 2013-08-13 10:38 - 2010-06-26 06:17 - 00654852 _____ C:\Windows\system32\perfh007.dat 2013-08-13 10:38 - 2010-06-26 06:17 - 00130434 _____ C:\Windows\system32\perfc007.dat 2013-08-13 10:38 - 2009-07-14 07:13 - 01500294 
_____ C:\Windows\system32\PerfStringBackup.INI 2013-08-13 10:34 - 2013-01-29 16:38 - 00000000 ___RD C:\Users\phil radon\Dropbox 2013-08-13 10:34 - 2012-10-23 09:00 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Dropbox 2013-08-13 10:34 - 2010-10-12 12:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-13 10:20 - 2013-05-13 17:59 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-08-13 10:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-13 10:20 - 2009-07-14 06:51 - 00146294 _____ C:\Windows\setupact.log 2013-08-12 18:57 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Spotify 2013-08-12 18:56 - 2012-07-28 17:48 - 00000324 _____ C:\Windows\Tasks\MT66 Software Update.job 2013-08-12 15:58 - 2013-07-07 17:49 - 00000000 ___RD C:\Users\Gast\Dropbox 2013-08-12 15:58 - 2013-07-07 17:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dropbox 2013-08-05 17:22 - 2013-07-17 13:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner (2) 2013-08-05 12:47 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Local\Spotify 2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-04 20:21 - 2013-04-08 02:22 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-04 20:21 - 2010-10-30 14:38 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe 2013-08-04 16:35 - 2013-08-04 16:35 - 
00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 16:35 - 2010-05-06 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-18 20:12 - 2010-10-12 12:01 - 00000000 ____D C:\Users\PHILRA~1\AppData\Local\Google
2013-07-18 17:03 - 2013-07-18 17:02 - 64019968 _____ C:\Users\phil radon\Documents\Clip0028.AVI
2013-07-17 10:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-17 08:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-17 08:31 - 2013-07-17 08:22 - 00010557 _____ C:\Windows\IE10_main.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 02:35

==================== End Of Log ============================

the Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2013 Ran by phil radon at 2013-08-13 14:34:40 Running from C:\Users\phil radon\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Acer Backup Manager (x32 Version: 2.0.0.60) Acer Crystal Eye Webcam (x32 Version: 5.2.11.2) Acer ePower Management (x32 Version: 5.00.3004) Acer eRecovery Management (x32 Version: 4.05.3011) Acer GameZone Console (x32 Version: 6.1.0.2) Acer Registration (x32 Version: 1.03.3003) Acer ScreenSaver (x32 Version: 1.1.0412.2010) Acer Updater (x32 Version: 1.02.3001) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.4.0.2540) Adobe Download Assistant (x32 Version: 1.2.3) Adobe Flash Player 10 ActiveX (x32 Version: 10.0.45.2) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Akamai NetSession Interface (HKCU) Akamai NetSession Interface Service (x32) Amazonia (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Audials (x32 Version: 9.1.28500.0) Avira Free Antivirus (x32 Version: 13.0.0.3885) Backup Manager Basic (x32 Version: 2.0.0.60) Bau ein Atom (HKCU) Bonjour (Version: 3.0.0.10) Broadcom Gigabit NetLink Controller (Version: 12.52.04) Cake Mania (x32) Chicken Invaders 2 (x32) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000) CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50) Dairy Dash (x32) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dream Day First Home (x32) Dropbox (HKCU Version: 2.0.22) eBay Worldwide (x32 Version: 2.1.0901) eSobi v2 (x32 Version: 2.0.4.000274) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Farm Frenzy 2 (x32) Galapago (x32) Google Earth (x32 Version: 7.1.1.1888) 
Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) Granny In Paradise (x32) Heroes of Hellas (x32) IB Updater Service (x32 Version: 3.0.4.6) iCloud (Version: 2.1.2.8) ICQ Toolbar (x32 Version: 3.0.0) Identity Card (x32 Version: 1.00.3003) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007) iTunes (Version: 11.0.3.42) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8089.726) Launch Manager (x32 Version: 4.0.8) McAfee Security Scan Plus (x32 Version: 3.0.318.3) McAfee SiteAdvisor (x32 Version: 3.6.168) MDL Chime/Chime Pro for Internet Explorer (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office 
Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MP3 Recorder for YouTube 1.0 Professional-E (x32) MSVCRT (x32 
Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MT66 Software Update (x32) MyWinLocker (x32 Version: 3.1.210.0) MyWinLocker Suite (x32 Version: 3.1.210.0) Nitro Reader 3 (Version: 3.0.8.5) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.628) NTI Backup Now Standard (x32 Version: 5.1.2.628) NTI Media Maker 8 (x32 Version: 8.0.12.6630) NVIDIA Drivers (Version: 1.10.59.37) NVIDIA PhysX (x32 Version: 9.09.0428) NVIDIA Updatus (x32 Version: 1.0.3) OpenOffice.org 3.2 (x32 Version: 3.2.9502) P 2.8.2 (Version: 2.8.2) phase6_19 (x32 Version: 1.90.0000) Photomizer (x32 Version: 1.0.10.1236) PhotoScape (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30118) Safari (x32 Version: 5.34.57.2) Samsung Mobile Modem Device Software SAMSUNG Mobile Modem Driver Set SAMSUNG Mobile Modem V2 Software Samsung Mobile phone USB driver Drive Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio (x32 Version: 1.00.0000) Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000) Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701) save2pc 4.18 (x32) SecureW2 EAP Suite 1.1.3 for Windows (x32) Shredder (Version: 2.0.8.3) Shredder (x32 Version: 2.0.8.3) Sony Sound Forge Audio Studio 9.0 (x32 Version: 9.0.232) Spin & Win (x32) Sun ODF Plugin for Microsoft Office 3.2 (x32 Version: 3.2.9483) SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0) Synaptics Pointing Device Driver (Version: 14.0.19.0) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client 
Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) USB PC Camera Plus (x32 Version: 5.21.1.000) VLC media player 1.1.11 (x32 Version: 1.1.11) WebCam (x32 Version: 5.1.0.0) Welcome Center (x32 Version: 1.01.3002) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) 
Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Xvid 1.2.1 final uninstall (x32 Version: 1.2) ==================== Restore Points ========================= 17-07-2013 06:19:31 Windows Update 29-07-2013 21:52:05 Geplanter Prüfpunkt 04-08-2013 18:17:40 Removed Java 7 Update 25 04-08-2013 18:19:39 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {045A66CD-9C38-411E-B800-57DA9E8ACE64} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2009-11-18] (MedienTeam66) Task: {4024E083-8C69-4BF4-B417-94539316D48D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA => C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07] (Facebook Inc.) Task: {4159BD0B-F8F4-4060-80AA-82818458700A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {56E7C956-2887-4781-B8EA-D578A280D73F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12] (Google Inc.) Task: {981218A9-F35E-43DC-BA5D-2CC54FFBAFF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12] (Google Inc.) Task: {B5C20EA6-F597-4918-96FB-12AE29A2448F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core => C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07] (Facebook Inc.) 
Task: {C2873ECE-4A1C-454D-BF11-67DB355BC256} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core.job => C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA.job => C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9781 Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9781 Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/29/2013 03:01:51 PM) (Source: Google Update) (User: philradon-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. 
Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (07/18/2013 08:03:36 PM) (Source: Google Update) (User: philradon-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. 
Send request returned 0x80 Error: (07/11/2013 07:30:27 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020). Error: (07/08/2013 11:00:21 AM) (Source: Application Hang) (User: ) Description: Programm EXCEL.EXE, Version 14.0.6126.5003 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f40 Startzeit: 01ce7bb828fa247b Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Berichts-ID: aeca1dd7-e7ac-11e2-a78b-705ab6f6570f Error: (07/07/2013 05:48:21 PM) (Source: Microsoft-Windows-RestartManager) (User: philradon-PC) Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. Error: (06/20/2013 00:47:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9438 Error: (06/20/2013 00:47:11 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9438 System errors: ============= Error: (08/13/2013 00:49:41 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/13/2013 10:20:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (08/12/2013 06:56:50 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/12/2013 03:57:03 PM) (Source: DCOM) (User: philradon-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}philradon-PCGastS-1-5-21-3769479268-2353718043-1891624552-501LocalHost (unter Verwendung von LRPC) Error: (08/12/2013 03:56:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (08/12/2013 11:16:09 AM) (Source: DCOM) (User: philradon-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}philradon-PCGastS-1-5-21-3769479268-2353718043-1891624552-501LocalHost (unter Verwendung von LRPC) Error: (08/12/2013 11:12:25 AM) (Source: DCOM) (User: philradon-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}philradon-PCGastS-1-5-21-3769479268-2353718043-1891624552-501LocalHost (unter Verwendung von LRPC) Error: (08/12/2013 11:11:25 AM) (Source: DCOM) (User: philradon-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}philradon-PCGastS-1-5-21-3769479268-2353718043-1891624552-501LocalHost (unter Verwendung von LRPC) Error: (08/12/2013 11:10:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (08/11/2013 07:24:56 PM) (Source: DCOM) (User: philradon-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}philradon-PCGastS-1-5-21-3769479268-2353718043-1891624552-501LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9781 Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9781 Error: (07/31/2013 05:57:23 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/29/2013 03:01:51 PM) (Source: Google Update)(User: philradon-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. 
Send request returned 0x80 Error: (07/18/2013 08:03:36 PM) (Source: Google Update)(User: philradon-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 Error: (07/11/2013 07:30:27 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil because of the following error: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. (Exception from HRESULT: 0x80070020). 
System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil Error: (07/08/2013 11:00:21 AM) (Source: Application Hang)(User: ) Description: EXCEL.EXE14.0.6126.50031f4001ce7bb828fa247b0C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEaeca1dd7-e7ac-11e2-a78b-705ab6f6570f Error: (07/07/2013 05:48:21 PM) (Source: Microsoft-Windows-RestartManager)(User: philradon-PC) Description: 1C:\Windows\explorer.exeWindows-Explorer0411719800 Error: (06/20/2013 00:47:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9438 Error: (06/20/2013 00:47:11 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9438 ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3958.71 MB Available physical RAM: 1793.84 MB Total Pagefile: 7915.61 MB Available Pagefile: 5714.13 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:360.18 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3DBF6F0F) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-13 14:53:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\PHILRA~1\AppData\Local\Temp\pwldquow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800039ba000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800039ba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\svchost.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Windows\SysWOW64\svchost.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... 
* 2 .text C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe[3508] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe[3508] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Windows\SysWOW64\jmdp\stij.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Windows\SysWOW64\jmdp\stij.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... 
* 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002350] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [10003450] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6077bf4 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6077bf4 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
14.08.2013, 05:19 | #4 | |
/// the machine /// TB-Ausbilder | Windows 7 Avira detection Tr/Urausy, what to do? Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
14.08.2013, 13:44 | #5 |
| Windows 7 Avira detection Tr/Urausy, what to do? All right, Schrauber, here is the data Code:
ATTFilter ComboFix 13-08-14.01 - phil radon 14.08.2013 14:05:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.1671 [GMT 2:00] ausgeführt von:: c:\users\phil radon\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\programdata\NVIDIA c:\programdata\NVIDIA\NvApps.xml c:\programdata\NVIDIA\NvStarted c:\users\phil radon\AppData\Roaming\.# c:\users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\security\Database\tmp.edb c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-14 bis 2013-08-14 )))))))))))))))))))))))))))))) . . 2013-08-14 12:20 . 2013-08-14 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-14 11:27 . 2013-08-14 11:27 -------- d-----w- c:\users\Gast\AppData\Roaming\Avira 2013-08-13 15:14 . 2013-08-13 15:14 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-13 13:05 . 2013-08-13 13:05 -------- d-----w- c:\programdata\AskPartnerNetwork 2013-08-13 13:05 . 2013-08-13 13:05 -------- d-----w- c:\program files (x86)\AskPartnerNetwork 2013-08-13 13:05 . 2013-08-13 13:05 -------- d-----w- c:\programdata\APN 2013-08-13 13:05 . 2013-08-13 13:05 -------- d-----w- c:\users\phil radon\AppData\Roaming\Avira 2013-08-13 13:04 . 
2013-08-13 13:02 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-13 13:04 . 2013-08-13 13:02 141376 ----a-w- c:\windows\system32\drivers\avfwot.sys 2013-08-13 13:04 . 2013-08-13 13:02 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-13 13:04 . 2013-08-13 13:02 114608 ----a-w- c:\windows\system32\drivers\avfwim.sys 2013-08-13 13:04 . 2013-08-13 13:02 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-13 13:04 . 2013-08-13 13:04 -------- d-----w- c:\program files (x86)\Avira 2013-08-13 12:32 . 2013-08-13 12:32 -------- d-----w- C:\FRST 2013-08-04 18:22 . 2013-08-04 18:22 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-04 18:21 . 2013-08-04 18:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-04 18:21 . 2013-08-04 18:21 -------- d-----w- c:\program files (x86)\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-04 18:21 . 2013-04-08 00:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-04 18:21 . 2010-10-30 12:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-07-11 05:06 . 2010-10-17 00:58 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 18:03 . 2013-01-29 09:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 18:03 . 2011-11-30 15:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-05 03:34 . 2013-07-10 09:25 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-10 09:25 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-10 09:25 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-05-27 05:54 . 2013-07-10 09:26 1188864 ----a-w- c:\windows\system32\wininet.dll 2013-05-27 05:53 . 2013-07-10 09:26 1492992 ----a-w- c:\windows\system32\urlmon.dll 2013-05-27 05:53 . 2013-07-10 09:26 134144 ----a-w- c:\windows\system32\url.dll 2013-05-27 05:50 . 
2013-07-10 09:26 9070080 ----a-w- c:\windows\system32\mshtml.dll 2013-05-27 05:50 . 2013-07-10 09:26 97792 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-27 05:50 . 2013-07-10 09:26 735232 ----a-w- c:\windows\system32\msfeeds.dll 2013-05-27 05:50 . 2013-07-10 09:26 64512 ----a-w- c:\windows\system32\jsproxy.dll 2013-05-27 05:50 . 2013-07-10 09:26 247808 ----a-w- c:\windows\system32\ieui.dll 2013-05-27 05:50 . 2013-07-10 09:26 12295680 ----a-w- c:\windows\system32\ieframe.dll 2013-05-27 05:50 . 2013-07-10 09:26 2458112 ----a-w- c:\windows\system32\iertutil.dll 2013-05-27 05:02 . 2013-07-10 09:26 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2013-05-27 03:58 . 2013-07-10 09:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-27 03:20 . 2013-07-10 09:26 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] 2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408] "Akamai NetSession Interface"="c:\users\phil radon\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720] "Facebook Update"="c:\users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-07 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] 
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-13 345144] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480] . c:\users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 usbet;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x] R3 
WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/25 20:41];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] 
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files 
(x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 18:03] . 2013-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core.job - c:\users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07 11:47] . 2013-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA.job - c:\users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07 11:47] . 2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 10:09] . 2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 10:09] . 2013-08-14 c:\windows\Tasks\MT66 Software Update.job - c:\program files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2012-07-28 16:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-07 17412200] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2013-07-26 22:31; toolbar_AVIRA-V7@apn.ask.com; c:\users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-NPSStartup - (no file) c:\users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-save2pc_is1 - c:\users\phil radon\Desktop\Neuer Ordner (2)\save2pc\unins000.exe AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe AddRemove-{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1 - c:\users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\unins000.exe AddRemove-Bau ein Atom - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-14 14:41:05
ComboFix-quarantined-files.txt 2013-08-14 12:41
.
Vor Suchlauf: 11 Verzeichnis(se), 391.420.928.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 396.339.339.264 Bytes frei
.
- - End Of File - - 467C500389B13364D786C1FE494CC8E5
D41D8CD98F00B204E9800998ECF8427E
14.08.2013, 19:47 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 Avira detection Tr/Urausy, what to do? Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
14.08.2013, 20:52 | #7 |
| Windows 7 Avira detection Tr/Urausy, what to do? All right, ran Malwarebytes, everything OK, there were no detections, and when I ran AdwCleaner the PC did not restart; I hope that's not a bad sign. Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
phil radon :: PHILRADON-PC [Administrator]

14.08.2013 21:17:27
mbam-log-2013-08-14 (21-17-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248995
Laufzeit: 4 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner:
Code:
# AdwCleaner v3.000 - Report created14/08/2013at21:27:03
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : phil radon - PHILRADON-PC
# Running from : C:\Users\phil radon\Desktop\adwcleaner.exe

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : IBUpdaterService
Service Deleted : ICQ Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ARFC
Folder Deleted : C:\Users\PHILRA~1\AppData\Local\Temp\APN
Folder Deleted : C:\Users\PHILRA~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Gast\AppData\LocalLow\AskToolbar
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-word-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-word-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7045CC82-B779-4F0D-9A76-99E865EDD566}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1C1CE9F-7480-472C-847E-84A5BC0CD9AD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Reset : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Reset : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v22.0 (de)

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\Askcom.xml
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\1smuk0yg.default\searchplugins\MyStart Search.xml

[ File : C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyQh3w5fS&i=26");
Line Deleted : user_pref("browser.newtabpage.blocked", "{\"6Pnl/E95FmTWPUxfdzesww==\":1,\"cpIPrJlTX3JA1uxHPQCh2g==\[...]
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"[...]
Line Deleted : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
Line Deleted : user_pref("extensions.enabledAddons", "werkzeugleiste_studierende%40uni-greifswald.de:1.0,toolbar_AV[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-[...]
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "download%20microsoft%20powerpoint||download%20microsoft%20word||dow[...]
Line Deleted : user_pref("icqtoolbar.installTime", "1286879126");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.12");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "128688030412868800571286883637267");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1288433206);
Line Deleted : user_pref("icqtoolbar.version", "1.1.6");
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.avira.com[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://search.avira[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Can't open file !

[ File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\1smuk0yg.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[0].txt - [9622 octets] - [14/08/2013 21:27:03]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [9681 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by phil radon on 14.08.2013 at 21:37:27,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoD5F7.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\phil radon\AppData\Roaming\mozilla\firefox\profiles\3keevkmx.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\phil radon\AppData\Roaming\mozilla\firefox\profiles\3keevkmx.default\minidumps [59 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2013 at 21:41:14,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and a fresh FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013
Ran by phil radon (administrator) on 14-08-2013 21:42:24
Running from C:\Users\phil radon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-07] (Facebook Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [tsnpstd3] - C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-13] (Avira Operations GmbH & Co. KG)
HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\Gast\...\Run: [Spotify] - C:\Users\Gast\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-09] (Spotify Ltd)
HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\Gast\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\phil radon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: werkzeugleiste_studierende - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\werkzeugleiste_studierende@uni-greifswald.de.xpi
FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-11-13] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-13] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-13] (Avira Operations GmbH & Co. KG)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 usbet; C:\Windows\System32\DRIVERS\ETdrv.sys [182912 2010-04-29] (Etron)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 21:35 - 2013-08-14 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 21:34 - 2013-08-14 21:34 - 01158897 _____ (Thisisu) C:\Users\phil radon\Desktop\JRT.exe
2013-08-14 21:31 - 2013-08-14 21:31 - 00009776 _____ C:\Users\phil radon\Desktop\AdwCleaner[0].txt
2013-08-14 21:25 - 2013-08-14 21:30 - 00000000 ____D C:\AdwCleaner
2013-08-14 21:24 - 2013-08-14 21:24 - 00800594 _____ C:\Users\phil radon\Desktop\adwcleaner.exe
2013-08-14 21:16 - 2013-08-14 21:16 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 21:16 - 2013-08-14 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 21:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-14 21:15 - 2013-08-14 21:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\phil radon\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-14 21:10 - 2013-08-14 21:11 - 00000000 ____D C:\Users\Gast\Desktop\tattoo
2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 14:41 - 2013-08-14 14:41 - 00025458 _____ C:\ComboFix.txt
2013-08-14 14:02 - 2013-08-14 14:42 - 00000000 ____D C:\Qoobox
2013-08-14 14:02 - 2013-08-14 14:42 - 00000000 ____D C:\ComboFix
2013-08-14 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-14 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-14 14:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-14 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-14 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-14 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-14 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 14:01 - 2013-08-14 14:35 - 00000000 ____D C:\Windows\erdnt
2013-08-14 13:59 - 2013-08-14 13:59 - 05104695 ____R (Swearware) C:\Users\phil radon\Desktop\ComboFix.exe
2013-08-14 13:27 - 2013-08-14 13:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-13 18:22 - 2013-08-13 18:22 - 00000744 _____ C:\Users\phil radon\Desktop\Ereignisse.txt
2013-08-13 17:14 - 2013-08-13 17:14 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 15:05 - 2013-08-13 15:05 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Avira
2013-08-13 15:04 - 2013-08-13 15:04 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 15:04 - 2013-08-13 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 15:04 - 2013-08-13 15:02 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-13 14:57 - 2013-08-13 14:57 - 02092776 _____ C:\Users\phil radon\Downloads\avira_internet_security.exe
2013-08-13 14:53 - 2013-08-13 14:53 - 00005857 _____ C:\Users\phil radon\Desktop\GMER.log
2013-08-13 14:36 - 2013-08-13 14:37 - 00377856 _____ C:\Users\phil radon\Desktop\gmer_2.1.19163.exe
2013-08-13 14:34 - 2013-08-13 14:35 - 00024593 _____ C:\Users\phil radon\Desktop\Addition.txt
2013-08-13 14:32 - 2013-08-13 14:32 - 00000000 ____D C:\FRST
2013-08-13 14:31 - 2013-08-13 14:32 - 01575190 _____ (Farbar) C:\Users\phil radon\Desktop\FRST64.exe
2013-08-13 14:27 - 2013-08-13 14:30 - 00000482 _____ C:\Users\phil radon\Desktop\defogger_disable.log
2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable
2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Desktop\Defogger.exe
2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög
2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe
2013-07-18 17:02 - 2013-07-18 17:03 - 64019968 _____ C:\Users\phil radon\Documents\Clip0028.AVI
2013-07-17 13:26 - 2013-08-14 14:59 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner (2)
2013-07-17 08:22 - 2013-07-17 08:31 - 00010557 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-08-14 21:41 - 2013-08-14 21:41 - 00002706 _____ C:\Users\phil radon\Desktop\JRT.txt
2013-08-14 21:35 - 2013-08-14 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 21:34 - 2013-08-14 21:34 - 01158897 _____ (Thisisu) C:\Users\phil radon\Desktop\JRT.exe
2013-08-14 21:34 - 2010-10-12 12:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 21:31 - 2013-08-14 21:31 - 00009776 _____ C:\Users\phil radon\Desktop\AdwCleaner[0].txt
2013-08-14 21:30 - 2013-08-14 21:25 - 00000000 ____D C:\AdwCleaner
2013-08-14 21:24 - 2013-08-14 21:24 - 00800594 _____ C:\Users\phil radon\Desktop\adwcleaner.exe
2013-08-14 21:23 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Spotify
2013-08-14 21:16 - 2013-08-14 21:16 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 21:16 - 2013-08-14 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 21:15 - 2013-08-14 21:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\phil radon\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-14 21:11 - 2013-08-14 21:10 - 00000000 ____D C:\Users\Gast\Desktop\tattoo
2013-08-14 21:09 - 2012-12-05 14:44 - 00000000 ____D C:\Users\phil radon\Downloads\Neuer Ordner
2013-08-14 21:03 - 2013-05-29 08:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 21:02 - 2013-01-29 16:38 - 00000000 ___RD C:\Users\phil radon\Dropbox
2013-08-14 21:02 - 2012-10-23 09:00 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Dropbox
2013-08-14 21:01 - 2013-08-14 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 21:01 - 2010-10-12 12:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 20:53 - 2010-06-25 20:26 - 01580355 _____ C:\Windows\WindowsUpdate.log
2013-08-14 18:52 - 2013-03-07 13:22 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA.job
2013-08-14 17:48 - 2012-07-28 17:48 - 00000324 _____ C:\Windows\Tasks\MT66 Software Update.job
2013-08-14 15:21 - 2013-07-07 17:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dropbox
2013-08-14 15:06 - 2009-07-14 06:51 - 00146518 _____ C:\Windows\setupact.log
2013-08-14 15:02 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Local\Spotify
2013-08-14 15:01 - 2013-07-08 09:43 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner
2013-08-14 14:59 - 2013-07-17 13:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner (2)
2013-08-14 14:42 - 2013-08-14 14:02 - 00000000 ____D C:\Qoobox
2013-08-14 14:42 - 2013-08-14 14:02 - 00000000 ____D C:\ComboFix
2013-08-14 14:41 - 2013-08-14 14:41 - 00025458 _____ C:\ComboFix.txt
2013-08-14 14:41 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 14:37 - 2010-10-12 02:41 - 00000000 ___RD C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-14 14:35 - 2013-08-14 14:01 - 00000000 ____D C:\Windows\erdnt
2013-08-14 14:21 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-14 13:59 - 2013-08-14 13:59 - 05104695 ____R (Swearware) C:\Users\phil radon\Desktop\ComboFix.exe
2013-08-14 13:30 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 13:30 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 13:27 - 2013-08-14 13:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-14 13:23 - 2013-05-13 17:59 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-14 13:21 - 2013-07-07 17:49 - 00000000 ___RD C:\Users\Gast\Dropbox
2013-08-14 13:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 18:22 - 2013-08-13 18:22 - 00000744 _____ C:\Users\phil radon\Desktop\Ereignisse.txt
2013-08-13 17:14 - 2013-08-13 17:14 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 15:08 - 2010-06-25 20:23 - 00081848 _____ C:\Windows\PFRO.log
2013-08-13 15:07 - 2013-01-13 22:43 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\eSobi
2013-08-13 15:05 - 2013-08-13 15:05 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Avira
2013-08-13 15:04 - 2013-08-13 15:04 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 15:04 - 2013-08-13 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 15:04 - 2010-12-15 17:46 - 00000000 ____D C:\ProgramData\Avira
2013-08-13 15:02 - 2013-08-13 15:04 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-13 14:57 - 2013-08-13 14:57 - 02092776 _____ C:\Users\phil radon\Downloads\avira_internet_security.exe
2013-08-13 14:53 - 2013-08-13 14:53 - 00005857 _____ C:\Users\phil radon\Desktop\GMER.log
2013-08-13 14:37 - 2013-08-13 14:36 - 00377856 _____ C:\Users\phil radon\Desktop\gmer_2.1.19163.exe
2013-08-13 14:35 - 2013-08-13 14:34 - 00024593 _____ C:\Users\phil radon\Desktop\Addition.txt
2013-08-13 14:32 - 2013-08-13 14:32 - 00000000 ____D C:\FRST
2013-08-13 14:32 - 2013-08-13 14:31 - 01575190 _____ (Farbar) C:\Users\phil radon\Desktop\FRST64.exe
2013-08-13 14:30 - 2013-08-13 14:27 - 00000482 _____ C:\Users\phil radon\Desktop\defogger_disable.log
2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable
2013-08-13 14:27 - 2010-10-12 02:39 - 00000000 ____D C:\Users\phil radon
2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Desktop\Defogger.exe
2013-08-13 12:52 - 2013-03-07 13:22 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core.job
2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög
2013-08-13 10:38 - 2010-06-26 06:17 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-13 10:38 - 2010-06-26 06:17 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-13 10:38 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 20:21 - 2013-04-08 02:22 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-04 20:21 - 2010-10-30 14:38 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe
2013-08-04 16:35 - 2010-05-06 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-18 20:12 - 2010-10-12 12:01 - 00000000 ____D C:\Users\PHILRA~1\AppData\Local\Google
2013-07-18 17:03 - 2013-07-18 17:02 - 64019968 _____ C:\Users\phil radon\Documents\Clip0028.AVI
2013-07-17 10:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-17 08:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-17 08:31 - 2013-07-17 08:22 - 00010557 _____ C:\Windows\IE10_main.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-14 15:50

==================== End Of Log ============================
--- --- ---
15.08.2013, 12:12 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 Avira finding Tr/Urausy, what to do? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any more problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.08.2013, 14:27 | #9 |
| Windows 7 Avira finding Tr/Urausy, what to do? Sorry that I haven't replied for so long, but I was travelling. So here are the logs, in order: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fc6bf40630b57541a709806cf3d7d0e0
# engine=14917
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-27 01:15:11
# local_time=2013-08-27 03:15:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 4088683 129239161 0 0
# scanned=219660
# found=2
# cleaned=0
# scan_time=7446
sh=6695B120EF12A0E6E6DD0476EFE01B19085D4D7D ft=0 fh=0000000000000000 vn="Win32/LockScreen.AQD trojan" ac=I fn="C:\Users\Gast\AppData\Local\Temp\47A4Pzfj.zip.part"
sh=A7AF0B75E33CA34A5EBF75B038175FCD839EB3AB ft=1 fh=c71c00114b5c3c09 vn="a variant of Win32/Kryptik.BIUX trojan" ac=I fn="C:\Users\Gast\AppData\Local\Temp\w3A_TroY.exe.part"
Code:
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 (ATTENTION: ====> FRST version is 14 days old and could be outdated) Ran by phil radon (administrator) on 27-08-2013 15:23:47 Running from C:\Users\phil radon\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Akamai Technologies, Inc.) C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Facebook Inc.) 
C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Akamai Technologies, Inc.) C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe (Dropbox, Inc.) C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) 
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\phil radon\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [Facebook Update] - C:\Users\phil radon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-07] (Facebook Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) 
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [tsnpstd3] - C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-13] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.) HKU\Gast\...\Run: [Spotify] - C:\Users\Gast\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-09] (Spotify Ltd) HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\Gast\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\phil radon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Users\phil radon\Desktop\Neuer Ordner\MP3 Recorder for YouTube\IEPlugin.dll No File Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\phil radon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\searchplugins\searchplugins-backup FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: werkzeugleiste_studierende - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\werkzeugleiste_studierende@uni-greifswald.de.xpi FF Extension: No Name - C:\Users\phil radon\AppData\Roaming\Mozilla\Firefox\Profiles\3keevkmx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-08-13] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-08-13] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-13] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-13] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-13] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-11-13] (Nitro PDF Software) ==================== Drivers (Whitelisted) ==================== R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-13] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-13] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-13] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-13] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 usbet; C:\Windows\System32\DRIVERS\ETdrv.sys [182912 2010-04-29] (Etron) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-27 15:18 - 2013-08-27 15:18 - 00891115 _____ C:\Users\phil radon\Desktop\SecurityCheck.exe 2013-08-27 13:08 - 2013-08-27 13:08 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-27 13:07 - 2013-08-27 13:07 - 02347384 _____ (ESET) C:\Users\phil radon\Downloads\esetsmartinstaller_enu(1).exe 2013-08-27 13:06 - 2013-08-27 13:06 - 02347384 _____ (ESET) C:\Users\phil radon\Downloads\esetsmartinstaller_enu.exe 2013-08-14 23:52 - 2013-08-14 23:55 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 21:35 - 2013-08-14 21:35 - 00000000 ____D C:\Windows\ERUNT 2013-08-14 21:34 - 2013-08-14 21:34 - 01158897 _____ (Thisisu) C:\Users\phil radon\Desktop\JRT.exe 2013-08-14 21:25 - 2013-08-14 21:30 - 00000000 ____D C:\AdwCleaner 2013-08-14 21:24 - 2013-08-14 21:24 - 00800594 _____ C:\Users\phil radon\Desktop\adwcleaner.exe 2013-08-14 21:16 - 2013-08-14 21:16 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-14 21:16 - 2013-08-14 21:16 - 00000000 ____D C:\Program Files 
(x86)\Malwarebytes' Anti-Malware 2013-08-14 21:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-14 21:10 - 2013-08-14 21:11 - 00000000 ____D C:\Users\Gast\Desktop\tattoo 2013-08-14 21:01 - 2013-08-15 10:21 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-14 14:41 - 2013-08-14 14:41 - 00025458 _____ C:\ComboFix.txt 2013-08-14 14:02 - 2013-08-14 14:42 - 00000000 ____D C:\Qoobox 2013-08-14 14:02 - 2013-08-14 14:42 - 00000000 ____D C:\ComboFix 2013-08-14 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-14 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-14 14:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-14 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-14 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-14 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-14 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-14 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-14 14:01 - 2013-08-14 14:35 - 00000000 ____D C:\Windows\erdnt 2013-08-14 13:59 - 2013-08-14 13:59 - 05104695 ____R (Swearware) C:\Users\phil radon\Desktop\ComboFix.exe 2013-08-14 13:37 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 13:37 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 13:37 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 13:37 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 13:37 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 13:37 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 13:37 - 2013-07-09 06:52 - 00005120 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 13:37 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 13:37 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 13:37 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 13:37 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 13:36 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 13:36 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 13:36 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 13:36 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 13:36 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 13:36 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 13:36 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 13:36 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 13:36 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 13:36 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 13:36 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 13:36 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 13:36 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 13:36 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 13:36 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 13:35 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 13:35 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 13:35 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 13:35 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 13:35 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 13:34 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-14 13:34 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 13:34 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 13:34 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 13:34 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 13:34 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 13:34 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 13:34 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-14 13:34 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 13:34 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 13:34 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 13:34 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 13:27 - 2013-08-14 13:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-13 17:14 - 2013-08-13 17:14 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 15:05 - 2013-08-13 15:05 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Avira
2013-08-13 15:04 - 2013-08-13 15:04 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 15:04 - 2013-08-13 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 15:04 - 2013-08-13 15:02 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-13 15:04 - 2013-08-13 15:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-13 14:57 - 2013-08-13 14:57 - 02092776 _____ C:\Users\phil radon\Downloads\avira_internet_security.exe
2013-08-13 14:36 - 2013-08-13 14:37 - 00377856 _____ C:\Users\phil radon\Desktop\gmer_2.1.19163.exe
2013-08-13 14:32 - 2013-08-13 14:32 - 00000000 ____D C:\FRST
2013-08-13 14:31 - 2013-08-13 14:32 - 01575190 _____ (Farbar) C:\Users\phil radon\Desktop\FRST64.exe
2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable
2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Desktop\Defogger.exe
2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög
2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

2013-08-27 15:21 - 2013-08-27 15:21 - 00001010 _____ C:\Users\phil radon\Desktop\checkup.txt
2013-08-27 15:21 - 2010-10-12 12:01 - 00000000 ____D C:\Users\PHILRA~1\AppData\Local\Google
2013-08-27 15:18 - 2013-08-27 15:18 - 00891115 _____ C:\Users\phil radon\Desktop\SecurityCheck.exe
2013-08-27 15:03 - 2013-05-29 08:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 14:49 - 2010-06-25 20:26 - 01857271 _____ C:\Windows\WindowsUpdate.log
2013-08-27 14:34 - 2010-10-12 12:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-27 13:08 - 2013-08-27 13:08 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-27 13:07 - 2013-08-27 13:07 - 02347384 _____ (ESET) C:\Users\phil radon\Downloads\esetsmartinstaller_enu(1).exe
2013-08-27 13:06 - 2013-08-27 13:06 - 02347384 _____ (ESET) C:\Users\phil radon\Downloads\esetsmartinstaller_enu.exe
2013-08-27 13:05 - 2013-01-29 16:38 - 00000000 ___RD C:\Users\phil radon\Dropbox
2013-08-27 13:05 - 2012-10-23 09:00 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Dropbox
2013-08-27 13:05 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 13:05 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 13:04 - 2010-10-12 12:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 12:59 - 2013-07-07 17:49 - 00000000 ___RD C:\Users\Gast\Dropbox
2013-08-27 12:59 - 2013-07-07 17:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dropbox
2013-08-27 12:58 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Spotify
2013-08-27 12:58 - 2013-05-13 17:59 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-27 12:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 12:57 - 2009-07-14 06:51 - 00147022 _____ C:\Windows\setupact.log
2013-08-27 12:55 - 2013-07-17 13:26 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner (2)
2013-08-27 00:52 - 2013-03-07 13:22 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001UA.job
2013-08-27 00:00 - 2012-05-14 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-27 00:00 - 2010-06-25 20:23 - 00083920 _____ C:\Windows\PFRO.log
2013-08-26 17:53 - 2012-07-28 17:48 - 00000324 _____ C:\Windows\Tasks\MT66 Software Update.job
2013-08-26 16:58 - 2013-05-22 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 16:50 - 2013-04-08 20:40 - 00000000 ____D C:\Program Files\McAfee
2013-08-25 15:22 - 2013-03-07 13:22 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3769479268-2353718043-1891624552-1001Core.job
2013-08-24 12:47 - 2013-07-07 17:49 - 00001022 _____ C:\Users\Gast\Desktop\Dropbox.lnk
2013-08-24 12:47 - 2013-05-29 08:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-24 12:47 - 2013-01-29 11:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-24 12:47 - 2011-11-30 17:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-24 12:45 - 2013-07-03 15:59 - 00000000 ____D C:\Users\Gast\AppData\Local\Spotify
2013-08-15 10:21 - 2013-08-14 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 23:58 - 2010-06-26 06:17 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-14 23:58 - 2010-06-26 06:17 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-14 23:58 - 2009-07-14 07:13 - 01522286 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 23:55 - 2013-08-14 23:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 23:52 - 2010-10-17 02:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 21:35 - 2013-08-14 21:35 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 21:34 - 2013-08-14 21:34 - 01158897 _____ (Thisisu) C:\Users\phil radon\Desktop\JRT.exe
2013-08-14 21:30 - 2013-08-14 21:25 - 00000000 ____D C:\AdwCleaner
2013-08-14 21:27 - 2010-10-12 12:25 - 00000000 ____D C:\ProgramData\ICQ
2013-08-14 21:24 - 2013-08-14 21:24 - 00800594 _____ C:\Users\phil radon\Desktop\adwcleaner.exe
2013-08-14 21:16 - 2013-08-14 21:16 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-14 21:16 - 2013-08-14 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 21:11 - 2013-08-14 21:10 - 00000000 ____D C:\Users\Gast\Desktop\tattoo
2013-08-14 21:09 - 2012-12-05 14:44 - 00000000 ____D C:\Users\phil radon\Downloads\Neuer Ordner
2013-08-14 15:01 - 2013-07-08 09:43 - 00000000 ____D C:\Users\Gast\Desktop\Neuer Ordner
2013-08-14 14:42 - 2013-08-14 14:02 - 00000000 ____D C:\Qoobox
2013-08-14 14:42 - 2013-08-14 14:02 - 00000000 ____D C:\ComboFix
2013-08-14 14:41 - 2013-08-14 14:41 - 00025458 _____ C:\ComboFix.txt
2013-08-14 14:41 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 14:37 - 2010-10-12 02:41 - 00000000 ___RD C:\Users\phil radon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-14 14:35 - 2013-08-14 14:01 - 00000000 ____D C:\Windows\erdnt
2013-08-14 14:21 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-14 13:59 - 2013-08-14 13:59 - 05104695 ____R (Swearware) C:\Users\phil radon\Desktop\ComboFix.exe
2013-08-14 13:27 - 2013-08-14 13:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-13 17:14 - 2013-08-13 17:14 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 15:07 - 2013-01-13 22:43 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\eSobi
2013-08-13 15:05 - 2013-08-13 15:05 - 00000000 ____D C:\Users\phil radon\AppData\Roaming\Avira
2013-08-13 15:04 - 2013-08-13 15:04 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 15:04 - 2013-08-13 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 15:04 - 2010-12-15 17:46 - 00000000 ____D C:\ProgramData\Avira
2013-08-13 15:02 - 2013-08-13 15:04 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-13 15:02 - 2013-08-13 15:04 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-13 14:57 - 2013-08-13 14:57 - 02092776 _____ C:\Users\phil radon\Downloads\avira_internet_security.exe
2013-08-13 14:37 - 2013-08-13 14:36 - 00377856 _____ C:\Users\phil radon\Desktop\gmer_2.1.19163.exe
2013-08-13 14:32 - 2013-08-13 14:32 - 00000000 ____D C:\FRST
2013-08-13 14:32 - 2013-08-13 14:31 - 01575190 _____ (Farbar) C:\Users\phil radon\Desktop\FRST64.exe
2013-08-13 14:27 - 2013-08-13 14:27 - 00000000 _____ C:\Users\phil radon\defogger_reenable
2013-08-13 14:27 - 2010-10-12 02:39 - 00000000 ____D C:\Users\phil radon
2013-08-13 14:26 - 2013-08-13 14:26 - 00050477 _____ C:\Users\phil radon\Desktop\Defogger.exe
2013-08-13 12:49 - 2013-08-13 12:49 - 00000000 ____D C:\Users\phil radon\Desktop\Bafög
2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-04 20:21 - 2013-08-04 20:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-04 20:21 - 2013-08-04 20:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-04 20:21 - 2013-04-08 02:22 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-04 20:21 - 2010-10-30 14:38 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-04 20:15 - 2013-08-04 20:15 - 00903080 _____ (Oracle Corporation) C:\Users\Gast\Downloads\jxpiinstall.exe
2013-08-04 16:35 - 2010-05-06 13:37 - 00000000 ____D C:\Program Files (x86)\Google

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-14 15:50

==================== End Of Log ============================
|
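The helper reads the "One Month Created/Modified" entries above by eye: new kernel drivers, executables without a vendor string, executables sitting in AppData or ProgramData, hidden files in system32. The following is an added example, not code from this thread or from the FRST author, showing how those entries can be parsed and the same first-pass triage applied mechanically. The regular expression, the rule names, the 14-day driver window, the SCAN_TIME constant (taken from the checkup.txt timestamp in the log) and the selection of sample lines are assumptions of this example; the sample lines are copied from the posted FRST output, except the one marked CONSTRUCTED, which was made up for the demonstration.

```python
"""Added example (not from the thread or from FRST): parse FRST file entries
and apply a few first-pass triage rules.

Entry layout as it appears in the posted log:
    <modified> - <created> - <size> <attrs> [(<company>)] <path>
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # vendor in parentheses; absent when FRST knows none
    r"(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
SCAN_TIME = datetime(2013, 8, 27, 15, 21)   # assumption: checkup.txt time in the log

# Lines copied from the posted log; the final line is CONSTRUCTED for this
# example (vendor-less executable under AppData) and does not occur in the log.
SAMPLE_LOG = r"""
2013-08-13 17:14 - 2013-08-13 17:14 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 15:04 - 2013-08-13 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-14 13:59 - 2013-08-14 13:59 - 05104695 ____R (Swearware) C:\Users\phil radon\Desktop\ComboFix.exe
2013-08-14 21:34 - 2013-08-14 21:34 - 01158897 _____ (Thisisu) C:\Users\phil radon\Desktop\JRT.exe
2013-08-27 12:58 - 2013-05-13 17:59 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-04 20:21 - 2013-08-04 20:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-14 23:52 - 2010-10-17 02:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-27 13:05 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 09:10 - 2013-08-12 09:10 - 00152064 _____ C:\Users\phil radon\AppData\Roaming\update.exe
"""


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str                 # five flag slots, e.g. "____D" directory, "____H" hidden
    company: Optional[str]     # None when FRST printed no vendor at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST file entry; return None for section headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(datetime.strptime(m["modified"], fmt),
                 datetime.strptime(m["created"], fmt),
                 int(m["size"]), m["attrs"], m["company"], m["path"])


def triage(lines: Iterable[str], scan_time: datetime,
           window_days: int = 14) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for entries a helper would look at twice.
    A hit is a prompt for a human, not a verdict: vendor drivers and Windows'
    own hidden files trip these rules too, as the sample shows."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low \
                and scan_time - e.created <= timedelta(days=window_days):
            hits.append(("new_driver", e.path))
        if e.is_executable and not e.company:
            hits.append(("no_vendor_executable", e.path))
        if e.is_executable and ("\\appdata\\" in low or "\\programdata\\" in low):
            hits.append(("executable_in_profile_data", e.path))
        if "H" in e.attrs and "\\windows\\system32\\" in low:
            hits.append(("hidden_in_system32", e.path))
    return hits


def sample_lines() -> List[str]:
    return SAMPLE_LOG.strip().splitlines()


if __name__ == "__main__":
    for rule, path in triage(sample_lines(), SCAN_TIME):
        print(f"{rule:28s} {path}")
```

Run against the sample, the rules surface the freshly installed Avira network filter driver, the constructed AppData executable twice (no vendor, odd location) and the hidden licensing file in system32, while ComboFix.exe, JRT.exe, MRT.exe and javaws.exe pass. That matches what the helper concluded by eye: everything flagged here is either a tool the user was told to run or a normal Windows file, which is why the rules are a starting point for a human reading the log, not a verdict.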
27.08.2013, 20:13 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 Avira detection Tr/Urausy, what to do? Update Flash Player. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
01.09.2013, 21:44 | #11 |
| Windows 7 Avira detection Tr/Urausy, what to do? All right, thank you. Everything is fine, and I will take the tips to heart. |
02.09.2013, 08:13 | #12 |
/// the machine /// TB-Ausbilder | Windows 7 Avira detection Tr/Urausy, what to do? You're welcome.
|