Log analysis and evaluation: Win7 32-bit old laptop: Malwarebytes reports close to 100 detections (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.09.2013, 16:00 | #1 |
Win7 32-bit old laptop: Malwarebytes reports close to 100 detections

Hi there, the other day my girlfriend said that her laptop was running a lot slower. I immediately thought of viruses and ran a full scan with Malwarebytes, and here it comes: Malwarebytes hung at some point after it had recorded, believe it or not, almost 100 detections.... I was completely floored; it's a wonder the PC still works at all. She had more than 4 antivirus programs installed on it (exactly....) and was apparently often on certain movie sites... then everything was clear. She has apparently had the laptop for years and never took care of antivirus programs etc. She had 4 GB of temporary data on it alone. Here are the scans and logs; I hope something can still be saved - she uses it for university and reinstalling would probably be rather time-consuming. Thanks in advance!

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:49 on 02/09/2013 (Samira)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04 Ran by Samira at 2013-09-02 14:06:45 Running from C:\Users\Samira\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader X (10.1.3) - Deutsch (Version: 10.1.3) Artweaver Free 4 (Version: 4.0) avast! Free Antivirus (Version: 7.0.1474.0) Avira Free Antivirus (Version: 13.0.0.3885) Avira SearchFree Toolbar plus Web Protection (Version: 12.2.2.663) AVM FRITZ!DSL (Version: 2.04.03) CCleaner (Version: 3.17) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Die Sims™ 3 Einfach tierisch: Erstelle ein Tier-Demo (Version: 1.0.24) Fotogalerie (Version: 16.4.3505.0912) GIMP 2.8.2 (Version: 2.8.2) Google Chrome (HKCU Version: 29.0.1547.57) Google Earth (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.21.153) IB Updater Service (Version: 3.0.5.4) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930) Intel(R) TV Wizard Internet Explorer Toolbar 4.6 by SweetPacks (Version: 4.6.0004) Java Auto Updater (Version: 2.0.7.2) Java(TM) 6 Update 37 (Version: 6.0.370) JDownloader 0.9 (Version: 0.9) Join Air (Version: 1.0.0.1) Kröt XS Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.0.207.4) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote 
MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Movie Maker (Version: 16.4.3505.0912) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) OpenOffice.org 3.3 (Version: 3.3.9567) Pando Media Booster (Version: 2.6.0.8) PDFCreator (Version: 1.5.1) Photo Gallery (Version: 16.4.3505.0912) Sandboxie 3.74 (32-bit) (Version: 3.74) Skype™ 6.3 (Version: 6.3.107) SweetIM for Messenger 3.7 (Version: 3.7.0007) SweetPacks bundle uninstaller (Version: 1.0.0001) 
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update Manager for SweetPacks 1.1 (Version: 1.1.0008) Windows Live Communications Platform (Version: 16.4.3505.0912) Windows Live Essentials (Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3505.0912) Windows Live Photo Common (Version: 16.4.3505.0912) Windows Live PIMT Platform (Version: 16.4.3505.0912) Windows Live SOXE (Version: 16.4.3505.0912) Windows Live SOXE Definitions (Version: 16.4.3505.0912) Windows Live UX Platform (Version: 16.4.3505.0912) Windows Live UX 
Platform Language Pack (Version: 16.4.3505.0912) WinZip 11.1 (Version: 11.1.7466) Yahoo! Detect ==================== Restore Points ========================= 20-08-2013 14:43:36 Windows Update 30-08-2013 19:04:30 Geplanter Prüfpunkt 31-08-2013 05:18:15 Windows Update 02-09-2013 11:54:18 Removed U2bviews Software 02-09-2013 11:56:34 Removed Norton Ghost. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00E0092F-67D6-4F42-9F72-BD45809F5AB8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000UA => C:\Users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29] (Google Inc.) Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started Task: {192B79B4-20E2-41BF-AF09-0C5B1B3F1F92} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-31] (AVAST Software) Task: {37D641F5-ADA7-4DDF-B15F-D8A895F005AD} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe [2010-07-07] () Task: {3AE8CA5D-7755-45DC-8150-0C73409277A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-29] (Google Inc.) Task: {50055E14-63F6-4E4D-AE1E-FFE49FB51036} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30] (Adobe Systems Incorporated) Task: {57C2FE8A-6FE6-4797-8246-6070B5229851} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-06-24] (Microsoft Corporation) Task: {6B3BB7BA-C346-44AD-9344-E76ED15860D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-29] (Google Inc.) 
Task: {AD4C0E3E-5A38-4C70-9D80-D8D902D9E21E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {C8AA1678-84D7-4D8F-828E-9C85A724D70F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000Core => C:\Users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29] (Google Inc.) Task: {F3BAE72A-EC2C-4E20-9271-FDCF84CF8CAB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc Task: {F82DAF33-39BB-4E06-9282-D8DBB5A9EEB9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000Core.job => C:\Users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000UA.job => C:\Users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-04 17:34 - 2012-10-04 17:34 - 00026968 ____R (SweetIM Technologies Ltd.) 
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll 2006-07-11 19:35 - 2006-07-11 19:35 - 00348160 _____ (Microsoft Corporation) C:\Program Files\SweetIM\Messenger\MSVCR71.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00121528 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashShell.dll 2012-08-16 06:43 - 2012-08-16 06:43 - 04171424 _____ (Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL 2011-06-24 17:33 - 2011-06-24 17:33 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf 2010-10-29 04:01 - 2010-10-29 04:01 - 08953256 _____ (Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\1031\GrooveIntlResource.dll 2009-07-14 01:22 - 2009-07-14 03:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll 2009-07-14 01:22 - 2009-07-14 03:15 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll 2007-04-11 11:10 - 2007-04-11 11:10 - 00010856 ____R (WinZip Computing, S.L.) 
C:\Program Files\WinZip\wzshlstb.dll 2009-07-14 01:53 - 2009-07-14 03:16 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\NetworkItemFactory.dll 2009-07-14 01:53 - 2009-07-14 03:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll 2009-07-14 01:53 - 2009-07-14 03:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2009-07-14 01:53 - 2009-07-14 03:15 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\fdwcn.dll 2009-07-14 01:53 - 2009-07-14 03:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\wcnapi.dll 2009-07-14 01:22 - 2009-07-14 03:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll 2009-07-14 01:37 - 2009-07-14 03:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll 2012-08-15 22:44 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2009-07-28 16:08 - 2009-07-28 16:08 - 00028472 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\sarah.dll 2009-07-28 16:06 - 2009-07-28 16:06 - 00082744 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\block.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00258104 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avsda.dll 2009-07-14 01:54 - 2009-07-14 03:09 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\rnr20.dll 2011-05-29 11:53 - 2010-11-20 14:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\System32\systemcpl.dll 2009-07-14 01:18 - 2009-07-14 03:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\WINBRAND.dll 2011-05-29 11:53 - 2010-11-20 14:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SPPC.DLL 2010-01-09 21:21 - 2010-01-09 21:21 - 00061824 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\msohevi.dll 2013-09-02 11:38 - 2013-08-31 20:32 - 00154680 _____ (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\shlext.dll 2011-06-11 01:58 - 2011-06-11 01:58 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll 2011-06-11 01:58 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll 2011-06-11 01:58 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll 2011-06-11 01:58 - 2011-06-11 01:58 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL 2012-11-08 19:07 - 2012-10-31 00:50 - 00236888 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\snxhk.dll 2009-09-23 18:49 - 2009-09-23 18:49 - 00094208 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL 2009-09-23 18:49 - 2009-09-23 18:49 - 00051712 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll 2009-09-23 18:52 - 2009-09-23 18:52 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc 2009-09-23 18:48 - 2009-09-23 18:48 - 05702656 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll 2013-05-27 10:56 - 2013-05-27 10:56 - 00382976 _____ () C:\Windows\System32\jmdp\lmrn.dll 2013-02-05 09:25 - 2013-02-05 09:25 - 00362029 _____ () C:\Windows\System32\jmdp\sqlite3.dll 2009-09-23 18:49 - 2009-09-23 18:49 - 00218112 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00027296 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswUtil.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00441352 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashBase.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00051000 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngLdr.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00099416 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswCmnOS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00191568 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswCmnIS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00347616 _____ (AVAST Software) 
C:\Program Files\AVAST Software\Avast\aswCmnBS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00153976 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashTask.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00682384 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswAux.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00220944 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswLog.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00476360 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswSqLt.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00217848 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswProperty.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00120504 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\AavmRpch.dll 2011-06-24 17:33 - 2011-06-24 17:33 - 03781960 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll 2011-06-24 17:33 - 2011-06-24 17:33 - 00063312 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL 2012-11-08 19:07 - 2012-10-31 00:51 - 00066944 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\1031\Base.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 02162488 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswAra.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00191080 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswData.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00061800 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashTaskEx.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00368752 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\Aavm4h.dll 2012-11-08 19:07 - 2012-10-31 00:51 - 00235376 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\1031\UILangRes.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 06439048 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\CommonRes.dll 
2013-09-02 10:17 - 2013-08-19 15:26 - 00042688 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\defs\13090200\uiExt.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00299352 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00098648 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgsimcommon.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00516440 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgcommon.dll 2006-07-11 19:35 - 2006-07-11 19:35 - 00503808 _____ (Microsoft Corporation) C:\Program Files\SweetIM\Messenger\MSVCP71.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00036696 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgcommunication.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00168280 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mghooking.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00074072 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00065880 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\mgconfig.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00650584 ____R (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\mgcommon.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00061272 _____ (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\mgxml_wrapper.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00041304 _____ (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\mgcommunication.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00071512 _____ (SweetIM Technologies Ltd.) 
C:\Program Files\SweetIM\Communicator\mgsimcommon.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00126160 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswJsFlt.dll 2011-05-29 11:53 - 2010-11-20 14:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL 2012-08-15 22:44 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL 2013-09-02 11:38 - 2013-08-31 20:31 - 00739384 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00059448 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00418872 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00026168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrdrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00127544 _____ (Avira Operations GmbH & Co. 
KG) c:\program files\avira\antivir desktop\ccwgrdw.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00790584 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00049208 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00219192 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00082488 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00207928 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll 2013-09-02 11:38 - 2013-08-31 20:31 - 00212536 _____ (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll 2012-08-25 22:27 - 2012-08-25 22:27 - 00316688 _____ (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieDll.dll 2011-05-29 11:53 - 2010-11-20 14:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2011-05-29 11:53 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2009-09-23 19:14 - 2009-09-23 19:14 - 00536576 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll 2009-09-23 19:18 - 2009-09-23 19:18 - 03829760 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00140104 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\AhAScr.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00347616 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnBS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00099416 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnOS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00191568 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnIS.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00368752 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\Aavm4h.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00120504 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\AavmRpch.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00441352 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\ashBase.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00051000 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswEngLdr.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00153976 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\ashTask.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00682384 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswAux.dll 2012-11-08 19:07 - 2012-10-31 00:50 - 00217848 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswProperty.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-02-27 10:44 - 2013-01-13 22:22 - 01988096 _____ (Microsoft Corporation) 
C:\Windows\system32\D3D10Warp.dll 2009-07-28 16:07 - 2009-07-28 16:07 - 00068408 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\fireapi.dll 2009-07-28 16:07 - 2009-07-28 16:07 - 00064312 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\igdapi.dll 2009-07-28 16:06 - 2009-07-28 16:06 - 00260408 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\avmcsock.dll 2009-07-28 16:06 - 2009-07-28 16:06 - 00036152 _____ (AVM Berlin) C:\Program Files\FRITZ!DSL\avmufc.dll 2011-06-24 17:33 - 2011-06-24 17:33 - 03766600 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll 1999-03-11 14:15 - 1999-03-11 14:15 - 00037632 _____ (Microsoft Corporation) C:\Program Files\FRITZ!DSL\SHFOLDER.dll 2011-05-29 11:53 - 2010-11-20 14:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2009-07-14 02:12 - 2009-07-14 03:14 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2013-08-22 21:17 - 2013-08-16 05:20 - 47067600 _____ (Google Inc.) 
C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\chrome.dll 2013-08-22 21:17 - 2013-08-16 05:20 - 09962960 _____ (The ICU Project) C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\icudt.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 01740800 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00086016 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll 2010-12-13 16:23 - 2011-05-31 19:50 - 00379904 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 01033728 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\comphelp4MSC.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00432128 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00013312 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00142848 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00597504 _____ (STLport Consulting, Inc.) 
C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00358912 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00094208 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00135680 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\deploymentmiscmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00832000 _____ (Oracle) C:\Program Files\OpenOffice.org 3\program\libdb47.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00529408 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\tlmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00700928 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\basegfxmi.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00026112 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00958464 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\utlmi.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00531456 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\xcrmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 03234816 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\sfxmi.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 00869888 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\fwemi.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 00311296 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\fwimi.dll 2010-12-13 16:23 - 2011-05-31 19:50 - 02863616 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\svtmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 02186752 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\tkmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 03266560 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\vclmi.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00256000 _____ (OpenOffice.org) C:\Program 
Files\OpenOffice.org 3\program\sotmi.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00029184 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\i18npapermi.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00066560 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00951296 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\program\icuuc40.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 13914112 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\program\icudt40.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00777216 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\svlmi.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00092160 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 01577984 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\sbmi.dll 2010-11-19 12:42 - 2010-11-19 12:42 - 00083456 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\saxmi.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00051712 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00452608 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00092672 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00053248 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00396800 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\configmgr.uno.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 00024064 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00092672 _____ (OpenOffice.org) 
C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll 2010-11-19 18:46 - 2011-05-31 19:50 - 00212992 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\ucb1.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 01649152 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\fwkmi.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 00257024 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll 2011-01-17 16:19 - 2011-05-31 19:50 - 01317376 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\i18npool.uno.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 01071616 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\program\icuin40.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 00083968 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\oooimprovementmi.dll 2010-12-13 16:22 - 2011-05-31 19:50 - 00287232 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll 2010-11-19 18:45 - 2011-05-31 19:50 - 00148480 _____ (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\emsermi.dll 2013-08-22 21:17 - 2013-08-16 03:23 - 03231688 _____ (Microsoft Corporation) C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\D3DCompiler_46.dll 2013-08-22 21:17 - 2013-08-16 05:20 - 00709584 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll 2013-08-22 21:17 - 2013-08-16 05:20 - 00099792 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll 2013-08-22 21:17 - 2013-08-16 05:21 - 04053456 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll 2013-08-22 21:18 - 2013-08-16 05:21 - 00410576 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll 2013-08-22 21:17 - 2013-08-16 05:20 - 02110928 _____ (Google Inc.) 
C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\libpeerconnection.dll 2013-08-22 21:17 - 2013-08-16 05:20 - 01604560 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll 2011-08-11 12:51 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2011-05-29 11:53 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\MAPI32.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Samira\Documents\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= Name: Massenspeichercontroller Description: Massenspeichercontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2013 01:59:20 PM) (Source: Automatic LiveUpdate Scheduler) (User: Samira-PC) Description: errorEntfernung des Dienstes aus der Registrierung fehlgeschlagen. Error: (09/02/2013 01:33:38 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Name des fehlerhaften Moduls: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006272b ID des fehlerhaften Prozesses: 0x7a0 Startzeit der fehlerhaften Anwendung: 0xVProSvc.exe0 Pfad der fehlerhaften Anwendung: VProSvc.exe1 Pfad des fehlerhaften Moduls: VProSvc.exe2 Berichtskennung: VProSvc.exe3 Error: (09/02/2013 01:33:36 PM) (Source: Norton Ghost) (User: ) Description: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. 
Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. (UMI:V-281-3215-6016) Details: Quelle: Norton Ghost Error: (08/22/2013 00:24:46 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Name des fehlerhaften Moduls: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006272b ID des fehlerhaften Prozesses: 0x16c Startzeit der fehlerhaften Anwendung: 0xVProSvc.exe0 Pfad der fehlerhaften Anwendung: VProSvc.exe1 Pfad des fehlerhaften Moduls: VProSvc.exe2 Berichtskennung: VProSvc.exe3 Error: (08/22/2013 00:24:45 AM) (Source: Norton Ghost) (User: ) Description: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. 
(UMI:V-281-3215-6016) Details: Quelle: Norton Ghost Error: (07/25/2013 02:59:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften Prozesses: 0xc08 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (07/20/2013 05:34:53 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (07/19/2013 03:06:42 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.Linq, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . 
Error: (06/18/2013 10:29:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SweetPacksUpdateManager.exe, Version: 1.1.0.8, Zeitstempel: 0x502bc905 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0xaa0 Startzeit der fehlerhaften Anwendung: 0xSweetPacksUpdateManager.exe0 Pfad der fehlerhaften Anwendung: SweetPacksUpdateManager.exe1 Pfad des fehlerhaften Moduls: SweetPacksUpdateManager.exe2 Berichtskennung: SweetPacksUpdateManager.exe3 Error: (06/06/2013 11:06:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Updater.exe, Version: 6.1.1.44121, Zeitstempel: 0x50ec1733 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x008300c4 ID des fehlerhaften Prozesses: 0xc98 Startzeit der fehlerhaften Anwendung: 0xUpdater.exe0 Pfad der fehlerhaften Anwendung: Updater.exe1 Pfad des fehlerhaften Moduls: Updater.exe2 Berichtskennung: Updater.exe3 System errors: ============= Error: (09/02/2013 01:53:38 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/02/2013 01:52:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/02/2013 01:52:18 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht. Error: (09/02/2013 01:51:57 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (09/02/2013 01:36:39 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Sandboxie Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error: (09/02/2013 01:34:45 PM) (Source: DCOM) (User: ) Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575} Error: (09/02/2013 01:34:15 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (09/02/2013 01:34:13 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (09/02/2013 01:34:11 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (09/02/2013 01:33:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Ghost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (09/02/2013 01:59:20 PM) (Source: Automatic LiveUpdate Scheduler)(User: Samira-PC) Description: errorEntfernung des Dienstes aus der Registrierung fehlgeschlagen. Error: (09/02/2013 01:33:38 PM) (Source: Application Error)(User: ) Description: VProSvc.exe15.0.1.365264b8e6c9aVProSvc.exe15.0.1.365264b8e6c9ac00000050006272b7a001cea7cfde30df56C:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\Program Files\Norton Ghost\Agent\VProSvc.exe82279f62-13c3-11e3-ba01-001a80b9ad9a Error: (09/02/2013 01:33:36 PM) (Source: Norton Ghost)(User: ) Description: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. 
(UMI:V-281-3215-6016) Details: Quelle: Norton Ghost Error: (08/22/2013 00:24:46 AM) (Source: Application Error)(User: ) Description: VProSvc.exe15.0.1.365264b8e6c9aVProSvc.exe15.0.1.365264b8e6c9ac00000050006272b16c01ce9ebcca76d541C:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\Program Files\Norton Ghost\Agent\VProSvc.exe7b768abe-0ab0-11e3-bc70-001a80b9ad9a Error: (08/22/2013 00:24:45 AM) (Source: Norton Ghost)(User: ) Description: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. (UMI:V-281-3215-6016) Details: Quelle: Norton Ghost Error: (07/25/2013 02:59:55 PM) (Source: Application Error)(User: ) Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668c0801ce8933a88fdcc3C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll19d3a325-f52a-11e2-8b5d-001a80b9ad9a Error: (07/20/2013 05:34:53 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (07/19/2013 03:06:42 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.Linq, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . 
Error: (06/18/2013 10:29:17 PM) (Source: Application Error)(User: )
Description: SweetPacksUpdateManager.exe1.1.0.8502bc905ole32.dll6.1.7601.175144ce7b96fc000000500039342aa001ce6c62615f171bC:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exeC:\Windows\system32\ole32.dllbf1f9183-d855-11e2-9981-001a80b9ad9a

Error: (06/06/2013 11:06:16 PM) (Source: Application Error)(User: )
Description: Updater.exe6.1.1.4412150ec1733unknown0.0.0.000000000c0000005008300c4c9801ce62f979bd4d99C:\Program Files\Skype\Updater\Updater.exeunknownec8bc23e-ceec-11e2-8ae6-001a80b9ad9a

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3062.43 MB
Available physical RAM: 1612.59 MB
Total Pagefile: 6123.15 MB
Available Pagefile: 4554.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.54 GB) (Free:58.21 GB) NTFS
Drive d: () (Fixed) (Total:92.68 GB) (Free:47.51 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: D5A56E96)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=94 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Samira (administrator) on SAMIRA-PC on 02-09-2013 14:05:19
Running from C:\Users\Samira\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Windows\system32\dmwu.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\jmdp\stij.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\Join Air\UIExec.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Samira\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKCU\...\Run: [Google Update] - C:\Users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-29] (Google Inc.)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [545552 2012-08-25] (SANDBOXIE L.T.D)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - DefaultScope {5B6504A2-1C11-4EBA-8D17-99847B74179F} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {5B6504A2-1C11-4EBA-8D17-99847B74179F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU -SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 17 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 18 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 22 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 23 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default
FF Homepage: hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&tpid=AVIRA-V7&apn_dbr=ff_23.0&trgb=ALL&apn_uid=FF173598-7895-4B64-9B4E-BCDA61705533&itbv=12.2.2.663&doi=2013-09-02&psv=
FF SelectedSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF DefaultSearchEngine: Ask Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Samira\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Samira\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\searchplugins\MyStart.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: toolbar_AVIRA-V7 - C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 
10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0 CHR Extension: (YouTube) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (avast! 
WebRep) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0 CHR Extension: (SweetIM for Facebook) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR StartMenuInternet: Google Chrome - C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-31] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-31] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software) R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1167152 2013-05-21] () R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] () S3 GenericMount Helper Service; "C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" [x] S3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-08-31] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-08-31] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-31] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-05-30] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-31] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] U2 V2iMount; S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 14:04 - 2013-09-02 14:04 - 01085803 _____ (Farbar) C:\Users\Samira\Desktop\FRST.exe 2013-09-02 13:49 - 2013-09-02 13:49 - 00000204 _____ C:\Users\Samira\defogger_reenable 2013-09-02 13:47 - 2013-09-02 13:47 - 00050477 _____ C:\Users\Samira\Desktop\Defogger.exe 2013-09-02 13:44 - 2013-09-02 14:03 - 00000000 ____D C:\Users\Samira\Desktop\fuers board 2013-09-02 13:36 - 2013-09-02 13:36 - 00448512 _____ (OldTimer Tools) C:\Users\Samira\Downloads\TFC.exe 2013-09-02 11:45 - 2013-09-02 11:45 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Avira 2013-09-02 11:44 - 2013-09-02 11:44 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Malwarebytes 2013-09-02 11:43 - 2013-09-02 11:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-02 11:43 - 2013-09-02 11:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-02 11:43 - 2013-09-02 11:43 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-02 
11:43 - 2013-09-02 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 11:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-09-02 11:41 - 2013-09-02 11:40 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-02 11:40 - 2013-09-02 11:40 - 00000000 ____D C:\ProgramData\APN 2013-09-02 11:38 - 2013-09-02 11:38 - 00001940 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\ProgramData\Avira 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\Program Files\Avira 2013-09-02 11:38 - 2013-08-31 20:32 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-02 11:38 - 2013-08-31 20:32 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 11:38 - 2013-08-31 20:32 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-02 11:38 - 2013-08-31 20:32 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-08-22 22:32 - 2013-08-22 22:38 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-22 22:22 - 2013-08-22 22:23 - 00024190 _____ C:\Users\Samira\Downloads\Holz-Stehleuchten.gz 2013-08-22 22:08 - 2013-08-22 22:08 - 00031478 _____ C:\Users\Samira\Downloads\Schlafzimmerleuchten.gz 2013-08-22 22:07 - 2013-08-22 22:07 - 00002627 _____ C:\Users\Samira\Downloads\Wohnraumleuchten.gz 2013-08-20 16:44 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-20 16:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-20 16:44 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-20 16:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-20 16:44 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-20 16:44 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-20 16:44 - 2013-07-26 05:11 - 00033280 
_____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-20 16:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-20 16:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-20 14:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-20 14:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-20 14:48 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-20 14:48 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-20 14:48 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-20 14:48 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-20 14:48 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-20 14:48 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-20 14:48 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-20 14:48 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-20 14:48 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-20 14:47 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-20 14:47 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-02 14:05 - 2013-09-02 14:05 - 00000000 ____D C:\FRST 2013-09-02 14:05 - 2011-05-26 21:03 - 01449181 _____ C:\Windows\WindowsUpdate.log 2013-09-02 14:04 - 2013-09-02 14:04 - 01085803 _____ (Farbar) 
C:\Users\Samira\Desktop\FRST.exe 2013-09-02 14:04 - 2011-05-26 22:43 - 00000000 ____D C:\Users\Samira\AppData\Roaming\FRITZ! 2013-09-02 14:03 - 2013-09-02 13:44 - 00000000 ____D C:\Users\Samira\Desktop\fuers board 2013-09-02 14:03 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 14:03 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 14:01 - 2011-07-07 21:43 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-09-02 14:01 - 2011-05-26 21:47 - 00144804 _____ C:\Users\Samira\DesktopStCenter.txt 2013-09-02 14:00 - 2013-02-22 18:59 - 00062904 _____ C:\Windows\PFRO.log 2013-09-02 14:00 - 2012-04-08 19:05 - 00038918 _____ C:\Windows\setupact.log 2013-09-02 14:00 - 2011-07-22 22:22 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-02 14:00 - 2011-05-29 14:38 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-02 14:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 13:59 - 2011-05-30 20:19 - 00000000 ____D C:\ProgramData\Symantec 2013-09-02 13:59 - 2011-05-30 20:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-09-02 13:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-09-02 13:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2013-09-02 13:56 - 2013-03-08 20:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-02 13:49 - 2013-09-02 13:49 - 00000204 _____ C:\Users\Samira\defogger_reenable 2013-09-02 13:49 - 2011-05-26 21:27 - 00000000 ____D C:\Users\Samira 2013-09-02 13:47 - 2013-09-02 13:47 - 00050477 _____ C:\Users\Samira\Desktop\Defogger.exe 2013-09-02 13:46 - 2011-05-29 14:38 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-02 13:36 - 2013-09-02 13:36 - 00448512 _____ (OldTimer Tools) C:\Users\Samira\Downloads\TFC.exe 
2013-09-02 13:11 - 2011-05-29 11:40 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000UA.job 2013-09-02 13:11 - 2011-05-29 11:40 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000Core.job 2013-09-02 11:45 - 2013-09-02 11:45 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Avira 2013-09-02 11:44 - 2013-09-02 11:44 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Malwarebytes 2013-09-02 11:44 - 2013-09-02 11:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-02 11:43 - 2013-09-02 11:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-02 11:43 - 2013-09-02 11:43 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-02 11:43 - 2013-09-02 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-09-02 11:40 - 2013-09-02 11:41 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-02 11:40 - 2013-09-02 11:40 - 00000000 ____D C:\ProgramData\APN 2013-09-02 11:38 - 2013-09-02 11:38 - 00001940 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\ProgramData\Avira 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\Program Files\Avira 2013-09-01 16:14 - 2012-11-17 17:20 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Skype 2013-08-31 20:32 - 2013-09-02 11:38 - 00135136 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-31 20:32 - 2013-09-02 11:38 - 00084744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-31 20:32 - 2013-09-02 11:38 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-31 20:32 - 2013-09-02 11:38 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-08-31 07:19 - 2011-05-30 21:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-30 20:24 - 2013-03-08 20:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-22 22:38 - 2013-08-22 22:32 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-22 22:23 - 2013-08-22 22:22 - 00024190 _____ C:\Users\Samira\Downloads\Holz-Stehleuchten.gz 2013-08-22 22:08 - 2013-08-22 22:08 - 00031478 _____ C:\Users\Samira\Downloads\Schlafzimmerleuchten.gz 2013-08-22 22:07 - 2013-08-22 22:07 - 00002627 _____ C:\Users\Samira\Downloads\Wohnraumleuchten.gz 2013-08-21 10:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-08-21 10:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-20 16:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-20 14:43 - 2011-05-29 14:37 - 00000000 ____D C:\Program Files\Google ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 00:12 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-03 22:04:33 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK2546GSX_200 rev.LB012Q 186,31GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Samira\AppData\Local\Temp\kwdiqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0x8B6964BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0x90E55C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAssignProcessToJobObject [0x8B696ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0x8B6A1FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0x8B6A1FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0x8B6A2176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0x8B6A1F16] SSDT 90A88BCE ZwCreateSection SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0x8B6A1F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateThread [0x8B69711C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateThreadEx [0x8B6972F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0x8B6A2130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDebugActiveProcess [0x8B69793E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0x8B696508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0x90E55CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwLoadDriver [0x90E543EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0x8B696556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0x8B69B534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0x8B6983A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0x8B6A1FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0x8B6A2016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0x8B6A219A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS 
ZwOpenMutant [0x8B6A1F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0x8B6A20BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0x8B6A1F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0x8B6A2154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0x90E55E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0x8B698272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueueApcThreadEx [0x8B697F86] SSDT 90A88BD8 ZwRequestWaitReplyPort SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0x8B6965A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0x8B6965F2] SSDT 90A88BD3 ZwSetContextThread SSDT 90A88BDD ZwSetSecurityObject SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0x8B6961FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0x8B6963AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0x8B696350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSuspendProcess [0x8B697AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSuspendThread [0x8B697C54] SSDT 90A88BE2 ZwSystemDebugControl SSDT 90A88B6F ZwTerminateProcess SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwTerminateThread [0x8B697636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwUnloadDriver [0x90E5441C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0x8B696640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwWriteVirtualMemory [0x90E55D96] Code 90A9CBFC ZwTraceEvent Code 90A9CBFB NtTraceEvent ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C47A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C81212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C88460 4 Bytes [BA, 64, 69, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C88488 4 Bytes [22, 5C, E5, 90] {AND BL, [EBP-0x70]} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C884E8 4 Bytes [D6, 6E, 69, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C8853C 8 Bytes [A8, 1F, 6A, 8B, F4, 1F, 6A, ...] {TEST AL, 0x1f; PUSH -0x75; HLT ; POP DS; PUSH -0x75} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C88548 4 Bytes [76, 21, 6A, 8B] {JBE 0x23; PUSH -0x75} .text ... .text ntkrnlpa.exe!NtTraceEvent 82CD1AE2 5 Bytes JMP 90A9CC00 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E434CF 4 Bytes CALL 8B698A8D \SystemRoot\System32\Drivers\aswSnx.SYS PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82E5D203 5 Bytes JMP 90A9CDE0 PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E5D323 4 Bytes CALL 8B698AA3 \SystemRoot\System32\Drivers\aswSnx.SYS PAGE ntkrnlpa.exe!NtRequestPort + 2 82E8B7A5 5 Bytes JMP 90A9CCA0 ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Windows Media Player\wmpnetwk.exe[172] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[340] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[424] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text ... 
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 756EF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1584] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] kernel32.dll!GetBinaryTypeW + 70 757069F4 1 Byte [62] .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xDD 0x9F 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5C 0x19 0x94 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1F 0xD5 0xF3 0xCC ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xDD 0x9F 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5C 0x19 0x94 0xFF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1F 0xD5 0xF3 0xCC ... ---- EOF - GMER 2.1 ---- |
10.09.2013, 16:06 | #2 |
/// Malwareteam | Win7 32-bit, old laptop: Malwarebytes shows close to 100 detections Hello and
I am Christoph, alias DerJazzer. I will guide you through the cleanup and will be your contact for this topic while it lasts. Depending on the type of infection present, a lot of work and a large time investment may be in store for you (and for me). Reinstalling is therefore usually the faster, but always the safer, route. Regarding the success of the cleanup: at no point can I guarantee that the PC will really be free of malware after the cleanup! If you accept that, I ask you to keep working with me here until I tell you that, from my point of view, the PC is malware-free. To make the cleanup as effective and stress-free as possible, I ask you to also observe the following points:
To make it easier for me to evaluate your logs (the reports of the programs used), I ask you to post them between code tags. To do so, simply press the # button in the reply window and paste your log there between the square brackets. It then looks like this: [CODE] pasted log [/CODE]
Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Scan with Combofix
Please post in your next reply
__________________ |
14.09.2013, 17:36 | #3 |
| Win7 32-bit, old laptop: Malwarebytes shows close to 100 detections Sorry that I am only replying so late; I will post the logs in the next few days. Unfortunately I live some distance from my girlfriend and always have to commute. I should be able to post logs again next week, though.
__________________ |
15.09.2013, 12:27 | #4 |
/// Malwareteam | Win7 32-bit, old laptop: Malwarebytes shows close to 100 detections OK, no stress
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
26.09.2013, 18:20 | #5 |
| Win7 32-bit, old laptop: Malwarebytes shows close to 100 detections Right. After a long absence, here are the requested logs. I'm here for a few days now, so maybe it will work out in one go... Adwcleaner Code:
# AdwCleaner v3.005 - Bericht erstellt am 26/09/2013 um 18:31:30
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Samira - SAMIRA-PC
# Gestartet von : C:\Users\Samira\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Produkt Gelöscht : Internet Explorer Toolbar 4.6 by SweetPacks

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6961 octets] - [10/09/2013 17:52:27]
AdwCleaner[R1].txt - [1224 octets] - [26/09/2013 18:30:30]
AdwCleaner[S0].txt - [7040 octets] - [10/09/2013 17:53:25]
AdwCleaner[S1].txt - [1145 octets] - [26/09/2013 18:31:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1205 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Ultimate x86
Ran by Samira on 26.09.2013 at 18:55:58,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-272472105-3204116038-1883624732-1000\Software\SweetIM

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"

~~~ FireFox

Successfully deleted: [File] C:\Users\Samira\AppData\Roaming\mozilla\firefox\profiles\umm3zol9.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\Samira\AppData\Roaming\mozilla\firefox\profiles\umm3zol9.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&tpid=AVIRA-V7&
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
user_pref("extensions.AVIRA-V7.hpr_ff", "\"hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EYY%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&tpid=AVIRA
Emptied folder: C:\Users\Samira\AppData\Roaming\mozilla\firefox\profiles\umm3zol9.default\minidumps [22 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Samira\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.09.2013 at 18:59:21,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter ComboFix 13-09-26.03 - Samira 26.09.2013 19:05:00.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3062.2074 [GMT 2:00] ausgeführt von:: c:\users\Samira\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-26 bis 2013-09-26 )))))))))))))))))))))))))))))) . . 2013-09-26 17:12 . 2013-09-26 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-26 16:55 . 2013-09-26 16:55 -------- d-----w- c:\windows\ERUNT 2013-09-20 12:50 . 2013-09-20 12:52 -------- d-----w- c:\windows\system32\MRT 2013-09-10 15:44 . 2013-09-26 16:31 -------- d-----w- C:\AdwCleaner 2013-09-02 12:05 . 2013-09-02 12:05 -------- d-----w- C:\FRST 2013-09-02 09:45 . 2013-09-02 09:45 -------- d-----w- c:\users\Samira\AppData\Roaming\Avira 2013-09-02 09:44 . 2013-09-02 09:44 -------- d-----w- c:\users\Samira\AppData\Roaming\Malwarebytes 2013-09-02 09:43 . 2013-09-02 09:43 -------- d-----w- c:\programdata\Malwarebytes 2013-09-02 09:43 . 2013-09-02 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-02 09:43 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-02 09:41 . 2013-09-02 09:41 -------- d-----w- c:\programdata\AskPartnerNetwork 2013-09-02 09:41 . 2013-09-02 09:41 -------- d-----w- c:\program files\AskPartnerNetwork 2013-09-02 09:41 . 
2013-09-10 14:48 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-02 09:38 . 2013-09-10 14:48 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-02 09:38 . 2013-09-10 14:48 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-09-02 09:38 . 2013-08-31 18:32 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-09-02 09:38 . 2013-09-02 09:38 -------- d-----w- c:\programdata\Avira 2013-09-02 09:38 . 2013-09-02 09:38 -------- d-----w- c:\program files\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-15 14:56 . 2013-03-08 18:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-15 14:56 . 2013-03-08 18:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-25 08:57 . 2013-08-20 12:48 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-20 12:48 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-20 12:48 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 05:03 . 2013-08-20 12:48 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 04:53 . 2013-08-20 12:48 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-20 12:48 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-20 12:48 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-20 12:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-20 12:48 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 2013-08-20 12:48 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-20 12:48 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-07-26 129488] . [HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}] [HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 545552] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-10 347192] . c:\users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-11 394856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLUA"= 0 (0x0) . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384] R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664] R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [x] R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648] R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-30 436792] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-08-31 37352] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-10 84024] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-09-10 815160] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-07-26 168400] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . Inhalt des "geplante Tasks" Ordners . 2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 14:56] . 2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 12:37] . 
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 12:37] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000Core.job - c:\users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 09:39] . 2013-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000UA.job - c:\users\Samira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 09:39] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll LSP: c:\program files\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D35A8382-B875-4E10-9A9C-D1EEB42472D2}: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\ FF - prefs.js: browser.search.selectedEngine - Ask Search FF - ExtSQL: 2013-09-02 11:44; toolbar_AVIRA-V7@apn.ask.com; c:\users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) HKU-Default-Run-FRITZ!protect - FwebProt.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-09-26 19:14:59 ComboFix-quarantined-files.txt 2013-09-26 17:14 . Vor Suchlauf: 9 Verzeichnis(se), 63.358.713.856 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 62.947.364.864 Bytes frei . - - End Of File - - 1A05F0608487FEC215508EC0A574651B A36C5E4F47E84449FF07ED3517B43A31
PS: This laptop has a curious problem: I can't get into the home network (Internet) as long as AVAST is enabled. As soon as I disable it (the scan modules etc.) I can get onto the WLAN again; I don't have a LAN cable available here. What causes that? Antivira doesn't cause any problems... Last edited by MrXxx (26.09.2013 at 18:32) |
26.09.2013, 21:01 | #6 |
/// Malwareteam | Win7 32-bit old laptop: Malwarebytes shows around 100 detections So Avast seems to be blocking that... I'll look into it, I'm not that familiar with Avast! (in the meantime you can also play around in the settings yourself). OK, then let's check again: Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Step 4 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Please post in your next reply
27.09.2013, 20:34 | #7 |
| Win7 32-bit old laptop: Malwarebytes shows around 100 detections Right. Here are the logs: Malwarebytes Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.27.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Samira :: SAMIRA-PC [Administrator]

Schutz: Aktiviert

27.09.2013 19:05:58
mbam-log-2013-09-27 (19-05-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195595
Laufzeit: 8 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\KMSAct.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\248ca1.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d32d54497e7c1d4a8ecd418a8633b570
# engine=15287
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-27 06:56:49
# local_time=2013-09-27 08:56:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 16501 150979514 9249 0
# compatibility_mode=5893 16776574 100 94 6076520 131939400 0 0
# scanned=112184
# found=0
# cleaned=0
# scan_time=2634

Code:
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.57
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 Ran by Samira (administrator) on SAMIRA-PC on 27-09-2013 21:28:55 Running from C:\Users\Samira\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Program Files\Join Air\AssistantServices.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\Join Air\UIExec.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.EXE (Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] () HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG) HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [545552 2012-08-25] (SANDBOXIE L.T.D) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.) 
Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {5B6504A2-1C11-4EBA-8D17-99847B74179F} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 04 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 17 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 22 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 23 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\umm3zol9.default FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Ask Search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Samira\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Samira\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Samira\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR StartMenuInternet: Google Chrome - C:\Users\Samira\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-10] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-10] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] () S3 GenericMount Helper Service; "C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" [x] S3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-31] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-05-30] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-31] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 catchme; \??\C:\Users\Samira\AppData\Local\Temp\catchme.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] U2 V2iMount; S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-27 21:28 - 2013-09-27 21:28 - 01086861 _____ (Farbar) C:\Users\Samira\Desktop\FRST.exe 2013-09-27 21:22 - 2013-09-27 21:22 - 00891144 _____ C:\Users\Samira\Downloads\SecurityCheck.exe 2013-09-27 21:20 - 2013-09-27 21:24 - 00000000 ____D C:\Users\Samira\Desktop\neu board 2013-09-27 20:11 - 2013-09-27 20:11 - 00000000 ____D C:\Program Files\ESET 2013-09-27 20:10 - 2013-09-27 20:10 - 02347384 _____ (ESET) C:\Users\Samira\Downloads\esetsmartinstaller_enu.exe 2013-09-27 19:03 - 2013-09-27 19:03 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-27 19:03 - 2013-09-27 19:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-27 19:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-27 19:02 - 2013-09-27 19:03 - 10285040 
_____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-09-27 18:47 - 2013-09-27 18:47 - 00377920 _____ (AVAST Software) C:\Users\Samira\Downloads\aswclear.exe 2013-09-27 16:22 - 2013-09-27 16:22 - 98267320 _____ C:\Windows\system32\屍줘᭔d 2013-09-26 19:15 - 2013-09-26 19:15 - 00013089 _____ C:\ComboFix.txt 2013-09-26 19:02 - 2013-09-26 19:15 - 00000000 ____D C:\Qoobox 2013-09-26 19:02 - 2013-09-26 19:13 - 00000000 ____D C:\Windows\erdnt 2013-09-26 19:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-26 19:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-26 19:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-26 19:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-26 19:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-26 19:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-26 19:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-26 19:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-26 19:01 - 2013-09-26 19:01 - 05129766 ____R (Swearware) C:\Users\Samira\Desktop\ComboFix.exe 2013-09-26 18:55 - 2013-09-26 18:55 - 01030038 _____ (Thisisu) C:\Users\Samira\Desktop\JRT (1).exe 2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Windows\ERUNT 2013-09-26 18:54 - 2013-09-26 18:54 - 01030038 _____ (Thisisu) C:\Users\Samira\Downloads\JRT.exe 2013-09-26 18:29 - 2013-09-26 18:29 - 01042066 _____ C:\Users\Samira\Downloads\adwcleaner (1).exe 2013-09-20 14:50 - 2013-09-20 14:52 - 00000000 ____D C:\Windows\system32\MRT 2013-09-15 17:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-15 17:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-15 17:06 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-15 17:06 - 2013-08-10 
05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-15 17:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-15 17:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-15 17:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-15 17:02 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-15 17:02 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-15 17:02 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-15 17:02 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-15 17:02 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00005120 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 
- 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-15 17:02 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-15 17:02 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-15 17:02 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-15 17:02 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) 
C:\Windows\system32\shdocvw.dll 2013-09-10 17:44 - 2013-09-26 18:31 - 00000000 ____D C:\AdwCleaner 2013-09-10 17:43 - 2013-09-10 17:43 - 01037278 _____ C:\Users\Samira\Downloads\adwcleaner.exe 2013-09-02 14:10 - 2013-09-02 14:10 - 00377856 _____ C:\Users\Samira\Desktop\gmer_2.1.19163.exe 2013-09-02 14:05 - 2013-09-02 14:05 - 00000000 ____D C:\FRST 2013-09-02 13:49 - 2013-09-02 13:49 - 00000204 _____ C:\Users\Samira\defogger_reenable 2013-09-02 13:47 - 2013-09-02 13:47 - 00050477 _____ C:\Users\Samira\Desktop\Defogger.exe 2013-09-02 13:44 - 2013-09-27 21:20 - 00000000 ____D C:\Users\Samira\Desktop\fuers board 2013-09-02 13:36 - 2013-09-02 13:36 - 00448512 _____ (OldTimer Tools) C:\Users\Samira\Downloads\TFC.exe 2013-09-02 11:45 - 2013-09-02 11:45 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Avira 2013-09-02 11:44 - 2013-09-02 11:44 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Malwarebytes 2013-09-02 11:43 - 2013-09-02 11:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-02 11:43 - 2013-09-02 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 11:41 - 2013-09-10 16:48 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-09-02 11:38 - 2013-09-10 16:48 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-02 11:38 - 2013-09-10 16:48 - 00088840 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 11:38 - 2013-09-02 11:38 - 00001940 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\ProgramData\Avira 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\Program Files\Avira 2013-09-02 11:38 - 2013-08-31 20:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-09-02 11:38 - 2013-08-31 20:32 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-27 21:28 - 2013-09-27 21:28 - 01086861 _____ (Farbar) C:\Users\Samira\Desktop\FRST.exe 2013-09-27 21:28 - 2011-05-26 22:43 - 00000000 ____D C:\Users\Samira\AppData\Roaming\FRITZ! 2013-09-27 21:24 - 2013-09-27 21:20 - 00000000 ____D C:\Users\Samira\Desktop\neu board 2013-09-27 21:22 - 2013-09-27 21:22 - 00891144 _____ C:\Users\Samira\Downloads\SecurityCheck.exe 2013-09-27 21:20 - 2013-09-02 13:44 - 00000000 ____D C:\Users\Samira\Desktop\fuers board 2013-09-27 21:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2013-09-27 21:11 - 2011-05-29 11:40 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000UA.job 2013-09-27 21:08 - 2012-11-17 17:20 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Skype 2013-09-27 20:56 - 2013-03-08 20:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-27 20:46 - 2011-05-29 14:38 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-27 20:15 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-27 20:15 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-27 20:11 - 2013-09-27 20:11 - 00000000 ____D C:\Program Files\ESET 2013-09-27 20:11 - 2011-05-26 21:03 - 01250600 _____ 
C:\Windows\WindowsUpdate.log 2013-09-27 20:10 - 2013-09-27 20:10 - 02347384 _____ (ESET) C:\Users\Samira\Downloads\esetsmartinstaller_enu.exe 2013-09-27 20:08 - 2011-07-07 21:43 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-09-27 20:08 - 2011-05-29 14:38 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-27 20:08 - 2011-05-26 21:47 - 00147933 _____ C:\Users\Samira\DesktopStCenter.txt 2013-09-27 20:07 - 2013-02-22 18:59 - 00063932 _____ C:\Windows\PFRO.log 2013-09-27 20:07 - 2012-04-08 19:05 - 00040150 _____ C:\Windows\setupact.log 2013-09-27 20:07 - 2011-07-22 22:22 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-27 20:07 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\DigitalLocker 2013-09-27 20:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-27 19:03 - 2013-09-27 19:03 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-27 19:03 - 2013-09-27 19:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-27 19:03 - 2013-09-27 19:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-09-27 18:49 - 2012-11-08 19:07 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-27 18:49 - 2012-11-08 19:07 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-27 18:49 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-09-27 18:47 - 2013-09-27 18:47 - 00377920 _____ (AVAST Software) C:\Users\Samira\Downloads\aswclear.exe 2013-09-27 16:22 - 2013-09-27 16:22 - 98267320 _____ C:\Windows\system32\屍줘᭔d 2013-09-27 09:45 - 2012-11-17 17:20 - 00000000 ____D C:\ProgramData\Skype 2013-09-27 09:44 - 2012-11-17 17:20 - 00000000 ___RD C:\Program Files\Skype 2013-09-26 19:15 - 2013-09-26 19:15 - 00013089 _____ C:\ComboFix.txt 2013-09-26 19:15 - 2013-09-26 19:02 - 00000000 ____D C:\Qoobox 2013-09-26 19:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-26 19:15 - 2009-07-14 04:37 - 00000000 
___RD C:\Users\Public 2013-09-26 19:13 - 2013-09-26 19:02 - 00000000 ____D C:\Windows\erdnt 2013-09-26 19:12 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-26 19:01 - 2013-09-26 19:01 - 05129766 ____R (Swearware) C:\Users\Samira\Desktop\ComboFix.exe 2013-09-26 18:55 - 2013-09-26 18:55 - 01030038 _____ (Thisisu) C:\Users\Samira\Desktop\JRT (1).exe 2013-09-26 18:55 - 2013-09-26 18:55 - 00000000 ____D C:\Windows\ERUNT 2013-09-26 18:54 - 2013-09-26 18:54 - 01030038 _____ (Thisisu) C:\Users\Samira\Downloads\JRT.exe 2013-09-26 18:31 - 2013-09-10 17:44 - 00000000 ____D C:\AdwCleaner 2013-09-26 18:29 - 2013-09-26 18:29 - 01042066 _____ C:\Users\Samira\Downloads\adwcleaner (1).exe 2013-09-21 18:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-20 15:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-20 14:52 - 2013-09-20 14:50 - 00000000 ____D C:\Windows\system32\MRT 2013-09-16 18:58 - 2009-07-14 06:33 - 00435856 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-16 18:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-15 17:12 - 2011-05-30 21:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-15 16:56 - 2013-03-08 20:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-15 16:56 - 2013-03-08 20:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-10 20:49 - 2013-02-22 20:55 - 00000000 ____D C:\Program Files\JDownloader 2013-09-10 17:43 - 2013-09-10 17:43 - 01037278 _____ C:\Users\Samira\Downloads\adwcleaner.exe 2013-09-10 16:48 - 2013-09-02 11:41 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-10 16:48 - 2013-09-02 11:38 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-10 16:48 - 2013-09-02 11:38 - 00088840 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 14:10 - 2013-09-02 14:10 - 00377856 _____ C:\Users\Samira\Desktop\gmer_2.1.19163.exe 2013-09-02 14:05 - 2013-09-02 14:05 - 00000000 ____D C:\FRST 2013-09-02 13:59 - 2011-05-30 20:19 - 00000000 ____D C:\ProgramData\Symantec 2013-09-02 13:59 - 2011-05-30 20:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-09-02 13:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-09-02 13:49 - 2013-09-02 13:49 - 00000204 _____ C:\Users\Samira\defogger_reenable 2013-09-02 13:49 - 2011-05-26 21:27 - 00000000 ____D C:\Users\Samira 2013-09-02 13:47 - 2013-09-02 13:47 - 00050477 _____ C:\Users\Samira\Desktop\Defogger.exe 2013-09-02 13:36 - 2013-09-02 13:36 - 00448512 _____ (OldTimer Tools) C:\Users\Samira\Downloads\TFC.exe 2013-09-02 13:11 - 2011-05-29 11:40 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-272472105-3204116038-1883624732-1000Core.job 2013-09-02 11:45 - 2013-09-02 11:45 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Avira 2013-09-02 11:44 - 2013-09-02 11:44 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Malwarebytes 2013-09-02 11:43 - 2013-09-02 11:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Samira\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-02 11:43 - 2013-09-02 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-09-02 11:41 - 2013-09-02 11:41 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-09-02 11:38 - 2013-09-02 11:38 - 00001940 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\ProgramData\Avira 2013-09-02 11:38 - 2013-09-02 11:38 - 00000000 ____D C:\Program Files\Avira 2013-09-01 16:57 - 2010-06-24 10:43 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-31 20:32 - 2013-09-02 11:38 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-31 20:32 - 2013-09-02 11:38 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2013-08-30 20:24 - 2013-03-08 20:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 17:56 ==================== End Of Log ============================
PS: My girlfriend is also very grateful to you; she insists that I write this smiley because she finds it so "cute".... |
02.10.2013, 16:41 | #8 |
/// Malwareteam | Win7 32-bit, old laptop: Malwarebytes shows nearly 100 detections
Sorry for the delay. Thanks for the smiley. We should be done now. Just some cleanup and hardening left, and then you are discharged.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Step 2 Adobe Reader update
Step 3 The order is crucial here.
Step 4 Now that we have successfully completed the cleanup, I would like to give you a few programs and habits to take along that will help you avoid an infection in the future. Update status of system and programs: A large number of malicious programs use security vulnerabilities in your Windows and in the installed programs to become active on your system. Now it is up to you as the user. Malware can only exploit known vulnerabilities, and software vendors try to close vulnerabilities that become known as quickly as possible through updates to their programs. So it is extremely important that you always keep your system and the programs installed on it up to date.
Security programs: For a secure system it is essential that antivirus programs monitor the system in order to draw attention to malware early. You can increase the effectiveness of the security setup by having programs that, unlike your antivirus program, have no real-time scanner on board but are so-called "on-demand scanners" check your system at certain intervals. No program detects all infections, but a combination of different programs makes the probability that an infection goes undetected tend toward zero.
Safe browsing: Almost all infections are caused by malicious programs from the Internet. You can counteract this, however, by defusing browsing with various special-purpose programs.
Further security notes:
Basic rules of conduct:
Now all that remains is for me to wish you lots of fun surfing safely and a virus-free time. Note: Please give me brief feedback when everything is done and no questions remain, so that I can delete this thread from my subscriptions.
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |