Pests of all kinds and how to fight them: Mixi Dj Search cannot be deleted (Windows 7)
18.09.2013, 05:56 | #1
Mixi Dj Search cannot be deleted

For a few days now, Firefox (version 23.0.1) has been loading this search engine after I click "File / New Tab". I cannot switch it off by changing the program settings either. I have run all the analysis tools except GMER. On my laptop, GMER starts scanning immediately after it is launched; there is no way to set the parameters as requested. I am supposed to remove the check mark at IAT/EAT, so that does not work; besides, the program then runs endlessly without reporting a result. I abort the program after 5 hours. I have run the program (under Vista) both as a normal user and as admin; neither works. The other result logs follow here:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:22 on 17/09/2013 (**** ******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

--------------------------------------------------------------------

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by ***** ********* (administrator) on RR-SONY on 17-09-2013 11:27:34
Running from C:\Users\***** *********\Desktop\Analyse
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Windows\RtkAudioService.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(BandRich Inc.) C:\Program Files\o2 Verbindungsmanager\BRService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
() C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
(REINER SCT) C:\Windows\system32\cjpcsc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(InterVideo) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\Polar\Daemon\polard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Akamai Technologies, Inc.) C:\Users\***** *********\AppData\Local\Akamai\netsession_win.exe
(sw4you, Siegfried Weckmann) C:\Program Files\hardcopy\hardcopy.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files\Polar\WebSync\WebSync.exe
(Akamai Technologies, Inc.) C:\Users\***** *********\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\hardcopy\hcdll2_ex_Win32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrStsWnd] - C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-28] (Realtek Semiconductor)
HKLM\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-11-05] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [122880 2008-02-21] (Alps Electric Co., Ltd.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\VESWinlogon: C:\Windows\SYSTEM32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\***** *********\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Bildschirmdruckprogramm] - C:\Program Files\Hardcopy\Hardcopy.exe [3510784 2011-11-01] (sw4you, Siegfried Weckmann)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
MountPoints2: {1dbad7b3-b580-11dd-906c-806e6f6e6963} - G:\autorun\Launcher.exe
HKU\Administrator.RR-Sony\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Administrator.RR-Sony\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
Lsa: [Notification Packages] scecli psqlpwd

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c7848de-8cc4-4a41-b908-5c416181c049&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c7848de-8cc4-4a41-b908-5c416181c049&searchtype=ds&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c7848de-8cc4-4a41-b908-5c416181c049&searchtype=ds&q={searchTerms}
SearchScopes: HKLM - {10FAD6AC-3F0D-4801-A32E-B084EAAABBCC} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\***** *********\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default
FF user.js: detected! => C:\Users\***** *********\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\user.js
FF NewTab: hxxp://mixidj.delta-search.com/?babsrc=NT_ss&mntrId=A0CE001A80D937DA&affID=121128&tsp=5005
FF Homepage: hxxp://www.bing.com/?cc=de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll No File
FF SearchPlugin: C:\Users\***** *********\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\***** *********\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\***** *********\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2095944 2013-06-21] (G Data Software AG)
R2 BandLuxe_Service; C:\Program Files\o2 Verbindungsmanager\BRService.exe [87264 2009-06-14] (BandRich Inc.)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-07-02] ()
R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7454608 2013-05-09] (DisplayLink Corp.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2362744 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-11-03] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] ()
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-06-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-16] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-17] (AVM Berlin)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys [36752 2013-05-13] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [338736 2013-05-09] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-05-09] (DisplayLink Corp.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-06-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96344 2013-06-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2013-04-13] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2013-06-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [30896 2013-04-13] (G Data Software)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 GTSCSER; C:\Windows\System32\DRIVERS\gtscser.sys [21504 2007-11-30] (Option N.V.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2013-06-30] (G Data Software AG)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40496 2008-09-26] (Paragon Software Group)
S3 KOBB1USB; C:\Windows\System32\DRIVERS\KOBB1USB.sys [33351 2004-10-29] (KOBIL Systems)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1587632 2006-06-26] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1952816 2006-06-26] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2008-04-14] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [22560 2008-01-31] (Sony Corporation)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2008-01-07] (Sony Corporation)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [12288 2011-06-02] (Datacolor)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2008-01-07] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-11-30] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-30] (Paragon)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [10240 2011-06-22] (Nicomsoft Ltd.)
U5 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [x]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [x]
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PAC207; system32\DRIVERS\PFC027.SYS [x]
U5 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [90688 2007-04-27] (SafeNet, Inc.)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
S2 XAudio; system32\DRIVERS\xaudio.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST
2013-09-17 11:22 - 2013-09-17 11:24 - 00000486 _____ C:\Users\***** *********\Desktop\defogger_disable.log
2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\***** *********\defogger_reenable
2013-09-16 17:15 - 2013-09-17 11:24 - 00000000 ____D C:\Users\***** *********\Desktop\Analyse
2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-14 20:47 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 20:47 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 20:47 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 20:47 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 20:47 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 20:47 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 20:47 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 20:47 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 20:47 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 20:47 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 20:47 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 20:47 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 20:47 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\***** *********\.android
2013-09-14 20:43 - 2013-09-14 20:43 - 00000000 ____D C:\Users\***** *********\AppData\Local\Babylon
2013-09-14 20:33 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-14 20:33 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-08-28 07:47 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\***** *********\Documents\Backup SG2 2013-08-25.mpb
2013-08-25 07:06 - 2013-09-17 10:48 - 00001888 _____ C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST
2013-09-17 11:24 - 2013-09-17 11:22 - 00000486 _____ C:\Users\***** *********\Desktop\defogger_disable.log
2013-09-17 11:24 - 2013-09-16 17:15 - 00000000 ____D C:\Users\***** *********\Desktop\Analyse
2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\***** *********\defogger_reenable
2013-09-17 11:22 - 2008-11-08 17:36 - 00000000 ____D C:\Users\***** *********
2013-09-17 11:18 - 2012-09-02 17:32 - 01150944 _____ C:\Windows\WindowsUpdate.log
2013-09-17 11:04 - 2012-04-04 17:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 11:02 - 2008-07-09 10:29 - 00624911 _____ C:\ProgramData\nvModes.dat
2013-09-17 11:02 - 2008-07-09 10:29 - 00624911 _____ C:\ProgramData\nvModes.001
2013-09-17 11:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-09-17 11:01 - 2008-11-11 22:51 - 00000438 _____ C:\Windows\Brownie.ini
2013-09-17 11:00 - 2011-04-02 19:21 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-09-17 11:00 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 11:00 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 11:00 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 10:59 - 2008-07-09 09:42 - 00003204 _____ C:\Windows\bthservsdp.dat
2013-09-17 10:59 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 10:58 - 2008-11-08 17:36 - 00000000 ____D C:\Users\***** *********\AppData\Local\Adobe
2013-09-17 10:48 - 2013-08-25 07:06 - 00001888 _____ C:\Windows\PFRO.log
2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-16 11:30 - 2013-03-24 13:10 - 00000000 ____D C:\Program Files\StarMoney 9.0
2013-09-15 20:32 - 2008-11-11 23:00 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-09-15 07:32 - 2012-04-04 17:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-15 07:32 - 2011-05-18 06:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 07:28 - 2012-11-29 12:23 - 00000000 ____D C:\Program Files\StarMoney Business 5.0
2013-09-14 20:55 - 2013-07-24 18:03 - 00452144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-14 20:47 - 2011-08-22 20:55 - 00000000 ____D C:\Users\***** *********\AppData\Roaming\MyPhoneExplorer
2013-09-14 20:46 - 2013-08-15 08:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\***** *********\.android
2013-09-14 20:43 - 2013-09-14 20:43 - 00000000 ____D C:\Users\***** *********\AppData\Local\Babylon
2013-09-14 20:43 - 2012-08-20 19:16 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-09-14 20:40 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\***** *********\Documents\Backup SG2 2013-08-25.mpb
2013-08-24 22:32 - 2008-11-08 20:58 - 00000000 ____D C:\Users\***** *********\AppData\Roaming\FileZilla
2013-08-24 22:27 - 2011-01-29 20:23 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-08-18 09:04 - 2012-05-01 07:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\***** *********\AppData\Local\Temp\7za.exe
C:\Users\***** *********\AppData\Local\Temp\hijackthis.exe
C:\Users\***** *********\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\***** *********\AppData\Local\Temp\NirCmd.exe
C:\Users\***** *********\AppData\Local\Temp\PEVZ.EXE
C:\Users\***** *********\AppData\Local\Temp\remove.exe
C:\Users\***** *********\AppData\Local\Temp\sed.exe
C:\Users\***** *********\AppData\Local\Temp\shortcut.exe
C:\Users\***** *********\AppData\Local\Temp\SHSetup.exe
C:\Users\***** *********\AppData\Local\Temp\swreg.exe
C:\Users\***** *********\AppData\Local\Temp\swxcacls.exe
C:\Users\***** *********\AppData\Local\Temp\wget.exe
C:\Users\***** *********\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-17 11:08

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by **** ******* at 2013-09-17 11:28:10
Running from C:\Users\**** *******\Desktop\Analyse
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

1&1 EasyLogin
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe AIR (Version: 3.7.0.2090)
Adobe Community Help (Version: 3.2.2)
Adobe Community Help (Version: 3.2.2.660)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Lens Profile Downloader (Version: 1.0.1)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop Lightroom 4.4 (Version: 4.4.1)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Akamai NetSession Interface Service
Alps Pointing-device for VAIO
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 2
AVS Media Player 4.1.10.99 (Version: 4.1.10.99)
AVS Update Manager 1.0
AVS Video Converter 8 (Version: 8.3.2.533)
AVS4YOU Software Navigator 1.4
Bonjour (Version: 3.0.0.10)
BRAdmin Professional 3 (Version: 3.40.0006)
Brother HL-2070N (Version: 1.00)
Brother HL-3040CN (Version: 1.00)
CCleaner (Version: 4.02)
cyberJack Base Components (Version: 6.10.0)
D3DX10 (Version: 15.4.2368.0902)
DHTML Editing Component (Version: 6.02.0001)
DisplayLink Core Software (Version: 7.2.47873.0)
DisplayLink Graphics (Version: 5.2.23316.0)
DNA A900, A850, A700 tethered capture support plug-in for Lightroom 3 Version 1.2 (Version: 1.2)
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
Elevated Installer (Version: 2.1.13)
EPSON Scan
FastStone Image Viewer 4.8 (Version: 4.8)
FileZilla Client 3.7.3 (Version: 3.7.3)
FUJIFILM Fotoservice 4.0
G Data InternetSecurity 2014 (Version: 24.0.2.4)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin MapSource (Version: 6.16.3)
Garmin TOPO Deutschland v3 (Version: 3.0.0.0)
Garmin Training Center (Version: 3.6.1)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GlobeTrotter Connect (Version: 2.3.0.630)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
Hardcopy (C:\Program Files\hardcopy) (Version: 2011.11.01 - R)
Image Data Converter (Version: 4.2.01.09050)
ImagXpress (Version: 7.0.74.0)
indii.org/tintii
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.04.3000)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Kies Air Discovery Service
Logitech Updater (Version: 1.70)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software-Treiberpaket (Version: 12.0.1278)
MapSource Topo Nederland (Version: 1.10)
Media Player Classic - Home Cinema v1.4.2499.0 (Version: 1.4.2499.0)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Club VAIO (Version: 2.1)
MyFreeCodec
MyPhoneExplorer (Version: 1.8.5)
N-Banking 3.5
NEC DISPLAY SOLUTIONS: Desktop Monitor Installer (Version: 0.11.12.21)
Nero BurnLite 10 (Version: 10.0.10100.1.100)
Nero BurnLite 10 (Version: 10.0.10500)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
neroxml (Version: 1.0.0)
NVIDIA Drivers
o2 Verbindungsmanager (Version: 1.10.0006)
OpenOffice 4.0.0 (Version: 4.00.9702)
Paragon Festplatten Manager™ 12 Suite Demo (Version:
90.00.0003) Paragon Festplatten Manager™ 2009 Suite (Version: 90.00.0003) PC Connectivity Solution (Version: 10.33.1.0) PDFill PDF Editor with FREE Writer and FREE Tools (Version: 9.0) Personal Backup 5.4 (Version: 5.3) Picasa 3 (Version: 3.9) PlayMemories Home (Version: 7.0.03.04240) Polar Daemon (Version: 2.2.20000) Polar WebSync (Version: 2.8.10006) Protector Suite QL 5.6 (Version: 5.6.2.3651) Realtek High Definition Audio Driver (Version: 6.0.1.5624) Remote Camera Control (Version: 3.0.09100) Roxio Central Audio (Version: 3.7.0) Roxio Central Copy (Version: 3.7.0) Roxio Central Core (Version: 3.7.0) Roxio Central Data (Version: 3.7.0) Roxio Central Tools (Version: 3.7.0) Roxio Easy Media Creator 10 LJ (Version: 10.1) Roxio Easy Media Creator Home (Version: 1.1.082) Samsung Kies (Version: 2.1.0.11095_121) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0) Sentinel Protection Installer 7.4.0 (Version: 7.4.0) Setting Utility Series (Version: 4.0.00.18230) Sony RAW Driver (Version: 2.0.00.08130) SpectraView Profiler 5.0.4 SplitCam (Version: 5.4.3.18) StarMoney (Version: 1.0) StarMoney (Version: 3.0.0.124) StarMoney (Version: 3.0.5.8) StarMoney (Version: 4.0.0.203) StarMoney 9.0 (Version: 9.0) StarMoney Business 5.0 (Version: 5.0) TeamViewer 7 (Version: 7.0.17271) TerraTec Home Cinema (Version: 6.23.17) Topo Deutschland v2 (Version: 2.00) TuneUp Utilities 2011 (Version: 10.0.4600.4) TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4) Unterstützung für VAIO-Präsentation (Version: 1.0.00.04240) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) 
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) VAIO Control Center (Version: 3.0.00.16210) VAIO Data Restore Tool (Version: 1.0.04.01170) VAIO Energie Verwaltung (Version: 3.0.00.06160) VAIO Event Service (Version: 4.0.00.19100) VAIO Guide (Version: 2.3.00.13140) VAIO Marketing Tools VAIO Smart Network (Version: 2.0.1.11050) VAIO Update (Version: 5.1.1.04090) VAIO Wallpaper Contents (Version: 1.1.00.12140) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) VLC media player 2.0.7 (Version: 2.0.7) VoiceOver Kit (Version: 1.42.128.0) WIDCOMM Bluetooth Software 6.1.0.2200 (Version: 6.1.0.2200) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Windows Mobile-Gerätecenter (Version: 6.0.6783.0) Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.0.6783.0) WinDVD for VAIO (Version: 8.0-B9.428) WinGDB3 3.4 (Version: 3.4 ) XRD i1d3 (Version: 1.0.135) ==================== Restore Points ========================= 16-09-2013 12:51:33 First Restore Point 16-09-2013 13:32:23 zoek.exe restore point 16-09-2013 15:06:31 zoek.exe restore point 16-09-2013 16:30:16 zoek.exe restore point 16-09-2013 17:22:13 zoek.exe restore point ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {00C4441A-985D-415C-A8A6-F4218E7CA2A5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {020B98F4-7C85-47C4-9C44-382C0100BE33} - System32\Tasks\{E431249F-4557-46AB-B23A-15CB0AEBFF23} => C:\Program Files\Skype\Phone\Skype.exe 
Task: {05B49923-4EEE-4963-BF24-1512AE91D737} - System32\Tasks\GoogleUpdateTaskMachineUA1cc252562cb3cf0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) Task: {0F8D4BA1-A9E8-4FF7-9F50-289D599BF7D2} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {21670010-91DB-4AAE-94F9-5608D18FD31D} - System32\Tasks\SONY\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe [2010-04-09] (Sony Corporation) Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {23DF2658-E926-4F41-A08A-537997069F91} - System32\Tasks\Microsoft\Java Update => C:\Program Task: {25C3300E-EDF9-48ED-A96F-D3C931844407} - System32\Tasks\{2FD04586-EF6B-4DAC-936B-71DB74015A2C} => C:\Program Files\Skype\Phone\Skype.exe Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {31D0C8A4-B75D-4D62-A659-434925C2BAAA} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {373EFA3A-131B-44E7-BECE-6CE9C2666C4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {43E2F01C-30AE-475B-B34B-4F662B13ACD4} - System32\Tasks\AdobeAAMUpdater-1.0-RR-Sony-**** ******* => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM 
Task: {54B351BB-F62E-4AA7-A453-A9EED993960B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software) Task: {585C0BAB-964C-4C77-8A12-79E705BBF11B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation) Task: {59B930B0-C79D-49F8-8053-8FC7490E6091} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {64EDC024-2095-4C4C-B8C5-BB1EA1A330BD} - System32\Tasks\Microsoft\Adobe Update => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {711BBB8F-6143-472D-B896-8313991AFFA9} - System32\Tasks\Java updater starten => C:\Program Files\Java\jre6\bin\jusched.exe Task: {7722042C-B6F7-4053-A334-196AB03E0F7F} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control Task: {9D5C5E8B-4EFA-4243-B204-24A60C9D4D32} - System32\Tasks\GoogleUpdateTaskMachineCore1cc2525627b2120 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.) 
Task: {A0FC09DA-FAFC-4C28-BF38-423FE205DDDA} - System32\Tasks\Microsoft\Mplayer update => C:\Program Files\MPlayer\MPlayer\AutoUpdate.exe Task: {A51F4A47-8CA3-4F2C-9BAA-342FE7E7B328} - System32\Tasks\{7102CAC6-8636-4198-8F0B-CF4928A7BBD1} => C:\Program Files\Skype\Phone\Skype.exe Task: {AD1BDBC5-9F61-4F6C-87A6-F80981DE07DB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {B0626C36-F9F5-49D8-9424-2D778D9E2977} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation) Task: {B1B19734-2D39-4222-BB68-9E89FB1C30B7} - System32\Tasks\Paragon File Archive name arc_260713103228882 => C:\Program Files\Paragon Software\Festplatten Manager 12 Suite Demo\program\scripts.exe [2012-11-30] (Paragon Software Group) Task: {B6307320-3121-4DDF-B47D-4F0CED3FDBED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-21] (Microsoft Corporation) Task: {BB91A135-F5A5-413D-9DDD-CF911FB86DB2} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - **** ******* => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {BB929985-5023-4C5D-AEE8-14CD9F251A6F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {D4780D46-47F8-4686-BD94-92DA79F4371E} - System32\Tasks\User_Feed_Synchronization-{385919E6-3339-4875-B9AD-6C88FB67870F} => C:\Windows\system32\msfeedssync.exe [2011-04-02] (Microsoft Corporation) Task: {D96F48EF-D713-489C-B258-2205C3543F78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated) Task: {DF7121AF-AE69-48BD-9C3F-420ABA007CAF} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 
5\VAIOUpdt.exe [2010-04-09] (Sony Corporation) Task: {E8FB8382-880F-42A3-BC1E-288E5BD1D687} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc2525627b2120.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc252562cb3cf0.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Paragon File Archive name arc_260713103228882.job => C:\Program Files\Paragon Software\Festplatten Manager 12 Suite Demo\program\scripts.exe ==================== Loaded Modules (whitelisted) ============= 2008-06-25 02:08 - 2008-06-25 02:08 - 00567840 _____ (NVIDIA Corporation) C:\Windows\system32\NVSVC.DLL 2013-07-24 18:14 - 2011-10-31 08:00 - 00052224 _____ () C:\Program Files\hardcopy\HcDLL2_31_Win32.dll 2013-05-09 06:11 - 2013-05-09 06:11 - 00960400 _____ (DisplayLink Corp.) C:\Windows\system32\dlumd32.dll 2008-06-25 02:07 - 2008-06-25 02:07 - 05529600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2012-01-27 15:01 - 2013-02-25 05:16 - 01268688 _____ (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Shredder\Reisswlf.dll 2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2007-10-30 11:23 - 2007-10-30 11:23 - 00184320 _____ (Broadcom Corporation.) C:\Windows\system32\btncopy.dll 2013-05-09 06:11 - 2013-05-09 06:11 - 00091024 _____ (DisplayLink Corp.) C:\Windows\system32\ManageTMMLifeTime.dll 2013-05-09 06:11 - 2013-05-09 06:11 - 00093584 _____ (DisplayLink Corp.) 
C:\Windows\system32\DLTmmB.dll 2008-06-25 02:08 - 2008-06-25 02:08 - 00098304 _____ (NVIDIA Corporation) C:\Windows\system32\NvTmmHyb.dll 2008-06-25 02:07 - 2008-06-25 02:07 - 00430080 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2013-05-09 06:11 - 2013-05-09 06:11 - 01068432 _____ (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\AddOnApi.dll 2013-02-25 04:12 - 2013-02-25 04:12 - 01019344 ____N (G Data Software AG) C:\Program Files\Common Files\G Data\ObjBrwse.dll 2013-02-25 14:59 - 2013-02-25 14:59 - 01633768 ____N (G Data Software AG) C:\Program Files\G Data\InternetSecurity\Common\AVKRes.dll 2013-02-25 04:57 - 2013-02-25 04:57 - 00264144 ____N (G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeLDR.dll 2008-07-09 13:56 - 2008-07-09 13:56 - 00086016 _____ (Sony Corporation) C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll 2008-07-09 13:56 - 2008-07-09 13:56 - 00045056 _____ (Sony Corporation) C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll 2008-06-25 02:06 - 2008-06-25 02:06 - 00092704 _____ (NVIDIA Corporation) C:\Windows\system32\NvMcTray.dll 2008-06-25 02:07 - 2008-06-25 02:07 - 00430080 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi.dll 2008-02-21 02:14 - 2008-02-21 02:14 - 00100542 _____ (Alps Electric Co., Ltd.) 
C:\Windows\system32\VXDIF.DLL 2013-07-24 18:14 - 2011-10-31 08:06 - 02921472 _____ () C:\Program Files\hardcopy\HcDllS.dll 2013-07-24 18:14 - 2010-09-30 10:14 - 00055296 _____ () C:\Program Files\hardcopy\hardcopy_03.dll 2012-12-21 15:16 - 2012-12-18 03:07 - 00165328 _____ (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\AgentDialogs.dll 2012-12-21 15:17 - 2012-12-18 03:07 - 00053200 _____ (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\AgentModels.dll 2012-12-21 15:16 - 2012-12-18 03:07 - 00119248 _____ (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\GlobalUtil.dll 2011-10-31 12:23 - 2012-12-18 03:07 - 01000912 _____ (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll 2012-12-21 15:17 - 2012-12-18 03:07 - 01623504 _____ (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll 2012-12-21 15:16 - 2012-12-18 03:07 - 00106496 _____ (TODO: <Company name>) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\BaseUI.dll 2012-12-21 15:17 - 2012-12-18 03:07 - 03340768 _____ (Codejock Software) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll 2013-02-26 16:59 - 2013-02-26 16:59 - 00110648 _____ () C:\Program Files\Polar\WebSync\PTransform.dll 2010-02-10 16:06 - 2010-02-10 16:06 - 00334848 _____ () C:\Program Files\Polar\WebSync\QtXml4.dll 2011-01-14 16:01 - 2011-01-14 16:01 - 02142720 _____ () C:\Program Files\Polar\WebSync\QtCore4.dll 2013-02-26 16:59 - 2013-02-26 16:59 - 03722296 _____ () C:\Program Files\Polar\WebSync\libpolar.dll 2010-02-10 16:22 - 2010-02-10 16:22 - 07971840 _____ () C:\Program Files\Polar\WebSync\QtGui4.dll 2010-02-10 16:07 - 2010-02-10 16:07 - 00929280 _____ () C:\Program Files\Polar\WebSync\QtNetwork4.dll 2010-02-10 18:45 - 2010-02-10 18:45 - 00025600 _____ () C:\Program Files\Polar\WebSync\imageformats\qgif4.dll 2010-02-10 18:45 - 2010-02-10 18:45 - 00119808 _____ () C:\Program Files\Polar\WebSync\imageformats\qjpeg4.dll 
2007-01-24 12:20 - 2007-01-24 12:20 - 00058248 _____ (Microsoft Corporation) C:\Windows\WindowsMobile\wmdsyncman.dll 2011-12-13 10:29 - 2011-12-13 10:29 - 00030016 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll 2010-03-30 19:32 - 2010-03-30 19:32 - 00073728 _____ (F.J. Wechselberger) C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll 2013-02-25 05:14 - 2013-02-25 05:14 - 00429008 ____N (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\ShellExt.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2013 11:24:56 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:24:55 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:21:28 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:21:28 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:02:31 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. 
Error: (09/17/2013 11:01:52 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 11:00:54 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:00:51 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:00:51 AM) (Source: profsvc) (User: NT-AUTORITÄT) Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 10:59:19 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung RtkAudioService.exe, Version 1.0.0.12, Zeitstempel 0x48154a89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x724, Anwendungsstartzeit RtkAudioService.exe0. System errors: ============= Error: (09/17/2013 11:04:30 AM) (Source: Service Control Manager) (User: ) Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058 Error: (09/17/2013 11:02:27 AM) (Source: Service Control Manager) (User: ) Description: SQL Server VSS Writer1 Error: (09/17/2013 11:02:27 AM) (Source: Service Control Manager) (User: ) Description: Diagnosesystemhost Error: (09/17/2013 11:01:52 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (09/17/2013 11:00:33 AM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error: (09/17/2013 10:52:15 AM) (Source: Service Control Manager) (User: ) Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058 Error: (09/17/2013 10:50:09 AM) (Source: Service Control Manager) (User: ) Description: SQL Server VSS Writer1 Error: (09/17/2013 10:50:09 AM) (Source: Service Control Manager) (User: ) Description: Diagnosesystemhost Error: (09/17/2013 10:49:44 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (09/17/2013 10:48:31 AM) (Source: PlugPlayManager) (User: ) Description: Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde ohne vorbereitende Maßnahmen vom System entfernt. Microsoft Office Sessions: ========================= Error: (09/17/2013 11:24:56 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:24:55 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:21:28 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:21:28 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:02:31 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:01:52 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 11:00:54 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 11:00:51 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. 
Error: (09/17/2013 11:00:51 AM) (Source: profsvc)(User: NT-AUTORITÄT) Description: Das System kann die angegebene Datei nicht finden. Error: (09/17/2013 10:59:19 AM) (Source: Application Error)(User: ) Description: RtkAudioService.exe1.0.0.1248154a89unknown0.0.0.000000000c00000050000000072401ceb382ab9b240e CodeIntegrity Errors: =================================== Date: 2013-09-17 11:27:45.716 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:45.482 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:45.311 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:45.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:42.971 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:42.799 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-09-17 11:27:42.628 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:27:42.440 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:24:58.642 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\DisplayLink Core Software\WDDMDriver\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-17 11:24:58.439 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\DisplayLink Core Software\WDDMDriver\dlkmd.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 3001.95 MB Available physical RAM: 1531.93 MB Total Pagefile: 6206.92 MB Available Pagefile: 4054.85 MB Total Virtual: 2047.88 MB Available Virtual: 1902.41 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:128.45 GB) (Free:77.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:104.43 GB) (Free:67.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 90C0B686) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=10 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=104 GB) - (Type=05) ==================== End Of Log ============================
__________________ Regards, Rolf |
18.09.2013, 08:42 | #2 | |
/// the machine /// TB Instructor | Mixi Dj Search cannot be deleted hi,
__________________How it works: posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the reboot Quote:
__________________ |
18.09.2013, 19:03 | #3 |
| Mixi Dj Search cannot be deleted When I start the program, my firewall raises an alert because the following programs appear as possibly malicious:
__________________cmd.3xe pev.exe nsf559.tmp ns1104.tmp nsb614.tmp nscab.tmp Can I allow all of these programs? I have now also disabled the firewall and Combofix is running ... "current file SECURITY / 0 of 10 files saved". Curious how long the program will run. I have now let Combofix run for 5 hours, but the program does not get past the first step, "SECURITY". Somehow the program keeps circling in the first of 10 tasks. The GDATA virus scanner, firewall and autopilot were switched off. What could the cause be?
__________________ |
18.09.2013, 20:49 | #4 |
/// the machine /// TB Instructor | Mixi Dj Search cannot be deleted Firewall off, AV program off. Then run Combofix again.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
18.09.2013, 22:33 | #5 |
| Mixi Dj Search cannot be deleted I had already made an attempt with the virus scanner switched off and the firewall switched off. The result was - as described - an endless run that keeps circling at the first task, SECURITY, and produces no result. In my opinion there must be another reason. Finally it worked. I had to cancel the "Security" backup, then it ran. Here is the log: Combofix Logfile: Code:
ATTFilter ComboFix 13-09-17.01 - **** ******* 18.09.2013 22:08:58.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3002.1343 [GMT 2:00] ausgeführt von:: c:\users\**** *******\Desktop\ComboFix.exe AV: G Data InternetSecurity 2014 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2014 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\**** *******\%appda~1 c:\users\**** *******\%appda~1\Microsoft\Windows\IETldCache\index.dat c:\users\**** *******\AppData\Roaming\1&1 c:\users\**** *******\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml c:\users\**** *******\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log c:\users\**** *******\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe c:\users\**** *******\AppData\Roaming\CLDeviceCorrectionsLog.txt c:\users\**** *******\AppData\Roaming\Microsoft\Windows\Templates\freac-1.0.20a.exe c:\windows\IsUn0407.exe c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe c:\windows\system32\Thumbs.db c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-18 bis 2013-09-18 )))))))))))))))))))))))))))))) . . 2013-09-18 21:11 . 2013-09-18 21:12 -------- d-----w- c:\users\**** *******\AppData\Local\temp 2013-09-18 21:11 . 2013-09-18 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-18 21:11 . 2013-09-18 21:11 -------- d-----w- c:\users\Administrator.RR-Sony\AppData\Local\temp 2013-09-17 09:25 . 2013-09-17 09:25 -------- d-----w- C:\FRST 2013-09-17 09:18 . 
2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBB2CCA-5DB4-453A-950D-A69F1B39CFFD}\mpengine.dll 2013-09-16 12:16 . 2013-09-16 12:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-09-14 18:44 . 2013-09-14 18:44 -------- d-----w- c:\users\**** *******\.android 2013-09-14 18:43 . 2013-09-14 18:43 -------- d-----w- c:\users\**** *******\AppData\Local\Babylon 2013-09-14 18:33 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll 2013-09-14 18:33 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys 2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2013-08-28 05:47 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-15 05:32 . 2012-04-04 15:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-15 05:32 . 2011-05-18 04:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-07 02:22 . 2011-01-29 07:57 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-07-25 16:29 . 2013-07-25 16:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-25 16:29 . 2012-07-09 16:05 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-25 16:29 . 2011-02-03 16:51 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-17 19:41 . 2013-08-15 06:12 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-10 09:47 . 2013-08-15 06:12 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 12:10 . 2013-08-15 06:12 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-07-08 04:55 . 2013-08-15 06:12 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-08 04:55 . 2013-08-15 06:12 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-08 04:20 . 2013-08-15 06:12 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-07-08 04:16 . 
2013-08-15 06:12 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-08 04:16 . 2013-08-15 06:12 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-08 04:16 . 2013-08-15 06:12 992768 ----a-w- c:\windows\system32\crypt32.dll 2013-07-05 04:53 . 2013-08-15 06:12 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-30 15:40 . 2012-10-25 16:20 54104 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys 2013-06-30 15:40 . 2012-10-25 16:20 51032 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2013-06-30 15:40 . 2012-10-25 16:20 96344 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2013-06-30 15:40 . 2012-10-25 16:20 45912 ----a-w- c:\windows\system32\drivers\GDBehave.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-06-05 22:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-06-05 22:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\**** *******\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "Bildschirmdruckprogramm"="c:\program files\Hardcopy\Hardcopy.exe" [2011-11-01 3510784] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "MsmqIntCert"="mqrt.dll" [2009-04-11 150528] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104] "GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-03-22 1854928] "G Data AntiVirus Tray"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1444304] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6139904] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-05 262144] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13531680] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704] "Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-21 122880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Polar WebSync.lnk - c:\program files\Polar\WebSync\WebSync.exe -normal [2013-2-26 6227512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-06-05 22:03 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-07-10 20:10 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK backup=c:\windows\pss\Hardcopy.LNK.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2013-06-03 03:06 472984 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp] 2013-03-27 14:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-06-25 00:07 150040 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2012-12-20 09:44 844296 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload] 2012-12-20 09:44 1476104 ----a-w- c:\program files\Samsung\Kies\Kies.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher] 2013-04-24 03:26 740888 ----a-w- c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "gStart"=c:\garmin\gStart.exe "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" "KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HotKeysCmds"=c:\windows\system32\hkcmd.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "Persistence"=c:\windows\system32\igfxpers.exe "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdc.exe "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LPDService REG_MULTI_SZ LPDSVC rsmsvcs REG_MULTI_SZ ntmssvc ipripsvc REG_MULTI_SZ iprip LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:32] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc2525627b2120.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 20:13] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc252562cb3cf0.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 20:13] . 2013-07-26 c:\windows\Tasks\Paragon File Archive name arc_260713103228882.job - c:\program files\Paragon Software\Festplatten Manager 12 Suite Demo\program\scripts.exe [2012-11-30 13:57] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=9c7848de-8cc4-4a41-b908-5c416181c049&searchtype=ds&q={searchTerms} IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.11.1 FF - ProfilePath - c:\users\**** *******\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?cc=de FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-09-18 23:12 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000042 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(752) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . Zeit der Fertigstellung: 2013-09-18 23:15:32 ComboFix-quarantined-files.txt 2013-09-18 21:15 . Vor Suchlauf: 14 Verzeichnis(se), 82.226.196.480 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 81.728.266.240 Bytes frei . - - End Of File - - E3B82C80C3802F79D0975F0D3752C37D A36C5E4F47E84449FF07ED3517B43A31
__________________ Regards, Rolf |
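The "Zusätzlicher Suchlauf" section of the ComboFix log above lists the Firefox profile (jg13d8gj.default), a prefs.js homepage, several user.js entries, and a uSearchAssistant pointing at feed.snap.do with publisher/dpid/userid tracking parameters. Two facts matter when reading such a log: Firefox replays user.js into prefs.js on every start, so any pref set there silently reverts whatever is changed in the settings dialog, and hijacked prefs are recognisable by full URLs carrying affiliate parameters rather than by the pref name alone. The following Python script is an added example, not code from this thread or from ComboFix, FRST or AdwCleaner. It parses the user_pref() statements of a prefs.js or user.js, flags startup, new-tab and search prefs whose host is off an allowlist, and lists which sensitive prefs a user.js would re-apply. The allowlist and both sample files are constructed for the example; the sample new-tab URL is modelled on the delta-search URL that AdwCleaner removes later in this thread.

```python
"""Audit Firefox prefs.js / user.js for hijacked startup, new-tab and search prefs.

Added example for this thread; it is not code from the forum or from any of the
tools whose logs are posted here (ComboFix, FRST, AdwCleaner).
"""
import re
from urllib.parse import urlparse, parse_qs

# Firefox stores one statement per line:  user_pref("name", value);
# Values are strings in double quotes, integers, or true/false.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\);\s*$')

# Preferences that search hijackers of this era rewrote (all real Firefox pref names).
SENSITIVE_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.defaulturl",
}

# Query parameters that mark affiliate/installer tracking in hijacker URLs.
# babsrc/mntrId/affID occur in the delta-search URL in this thread,
# publisher/dpid/userid in the snap.do URL of the ComboFix log.
TRACKING_PARAMS = {"babsrc", "mntrId", "affID", "publisher", "dpid", "userid"}

# Hosts the machine owner actually wants. Assumption for this example.
ALLOWED_HOSTS = {"www.bing.com", "www.google.de"}


def parse_prefs(text):
    """Map pref name -> raw value for every user_pref() statement in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def unquote(raw):
    """Strip the quotes of a string value and undo the two escapes prefs.js uses."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def refang(url):
    """Logs posted on forums defang URLs as hxxp://; restore them so they parse."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def audit(text, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per sensitive pref that points at a host off the allowlist.

    Non-URL values (about:blank, an engine name such as "Google") are skipped;
    hijackers install full URLs, usually with tracking parameters attached.
    """
    findings = []
    for name, raw in parse_prefs(text).items():
        if name not in SENSITIVE_PREFS:
            continue
        value = refang(unquote(raw))
        if not re.match(r"^https?://", value, re.IGNORECASE):
            continue
        parsed = urlparse(value)
        host = (parsed.hostname or "").lower()
        if host in allowed_hosts:
            continue
        params = sorted(set(parse_qs(parsed.query)) & TRACKING_PARAMS)
        findings.append({"pref": name, "host": host, "tracking_params": params, "value": value})
    return findings


def user_js_overrides(user_js_text):
    """Names of sensitive prefs a user.js sets.

    Firefox replays user.js into prefs.js at every start, so a value set here
    reverts whatever the user changes in the settings dialog. That is the usual
    reason a hijacked new-tab or search page "cannot be changed".
    """
    return sorted(name for name in parse_prefs(user_js_text) if name in SENSITIVE_PREFS)


# Constructed sample input: the homepage and network.* lines mirror the ComboFix
# "FF -" entries in this thread, the newtab line the one AdwCleaner later deletes.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.bing.com/?cc=de");
user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?babsrc=NT_ss&mntrId=A0CE001A80D937DA&affID=121128&tsp=5005");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.http.max-persistent-connections-per-server", 4);
'''

SAMPLE_USER_JS = '''user_pref("browser.newtab.url", "http://mixidj.delta-search.com/?babsrc=NT_ss");
user_pref("nglayout.initialpaint.delay", 600);
'''

if __name__ == "__main__":
    for f in audit(SAMPLE_PREFS_JS):
        print(f"{f['pref']} -> {f['host']} (tracking params: {', '.join(f['tracking_params']) or 'none'})")
    for name in user_js_overrides(SAMPLE_USER_JS):
        print(f"user.js re-applies {name} at every start; remove or inspect user.js before fixing settings")
```

To run it against a real profile, read prefs.js and user.js from C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\ into the two strings instead of the samples. A non-empty result from user_js_overrides() explains a "the setting will not stick" complaint and says user.js has to go first. The audit decides on host against an allowlist rather than on a blocklist of known hijacker domains, so a new domain is still caught; the tracking-parameter list only adds context to a finding.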
19.09.2013, 10:10 | #6 |
/// the machine /// TB-Ausbilder | Mixi Dj Search cannot be deleted Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
19.09.2013, 17:48 | #7 |
| Mixi Dj Search cannot be deleted Done! Mixi Dj is gone. Thanks for the support!!! Here are the logs: AdwCleaner logfile:
ATTFilter # AdwCleaner v3.004 - Bericht erstellt am 19/09/2013 um 17:40:38 # Updated 15/09/2013 von Xplode # Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits) # Benutzername : ****** - RR-SONY # Gestartet von : C:\Users\******\Desktop\Analyse\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\******\AppData\Local\Babylon Ordner Gelöscht : C:\Users\******\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\******\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\******\AppData\Roaming\Toolplugin Ordner Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\jetpack [x] Nicht Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gelöscht : HKCU\Software\a68d8cb26fe443 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Complitly Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\TENCENT Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\toolplugin ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16506 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?babsrc=NT_ss&mntrId=A0CE001A80D937DA&affID=121128&tsp=5005"); ************************* AdwCleaner[R0].txt - [6329 octets] - [19/09/2013 17:32:31] AdwCleaner[S0].txt - [5982 octets] - [19/09/2013 17:40:38] ########## EOF - 
C:\AdwCleaner\AdwCleaner[S0].txt - [6042 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows Vista (TM) Business x86
Ran by ******** on 19.09.2013 at 18:28:38,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2013 at 18:31:42,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by ***** (administrator) on RR-SONY on 19-09-2013 18:42:29 Running from C:\Users\*****\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (Realtek Semiconductor) C:\Windows\RtkAudioService.exe (UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (BandRich Inc.) C:\Program Files\o2 Verbindungsmanager\BRService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Allway Sync\Bin\SyncService.exe () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (REINER SCT) C:\Windows\system32\cjpcsc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (SafeNet Inc.) 
C:\Windows\system32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (InterVideo) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe (Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Program Files\Polar\Daemon\polard.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (DisplayLink Corp.) 
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (sw4you, Siegfried Weckmann) C:\Program Files\hardcopy\hardcopy.exe (Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe () C:\Program Files\hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Google Inc.) 
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation) HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [BrStsWnd] - C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother) HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-28] (Realtek Semiconductor) HKLM\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-11-05] (Sony Corporation) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [122880 2008-02-21] (Alps Electric Co., Ltd.) Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.) Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [Bildschirmdruckprogramm] - C:\Program Files\Hardcopy\Hardcopy.exe [3510784 2011-11-01] (sw4you, Siegfried Weckmann) HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Administrator.RR-Sony\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Administrator.RR-Sony\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation) Lsa: [Notification Packages] scecli psqlpwd ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {10FAD6AC-3F0D-4801-A32E-B084EAAABBCC} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default FF Homepage: hxxp://www.bing.com/?cc=de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll No File FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated) R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) 
R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2095944 2013-06-21] (G Data Software AG) R2 BandLuxe_Service; C:\Program Files\o2 Verbindungsmanager\BRService.exe [87264 2009-06-14] (BandRich Inc.) R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-07-02] () R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] () R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7454608 2013-05-09] (DisplayLink Corp.) R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries) R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2362744 2013-03-22] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG) S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.) R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.) 
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation) R2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-11-03] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] () R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-06-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation) R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-16] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.) 
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-17] (AVM Berlin) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys [36752 2013-05-13] () R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [338736 2013-05-09] (DisplayLink Corp.) R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-05-09] (DisplayLink Corp.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-06-30] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96344 2013-06-30] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2013-04-13] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2013-06-30] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [30896 2013-04-13] (G Data Software) S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.) S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.) S3 GTSCSER; C:\Windows\System32\DRIVERS\gtscser.sys [21504 2007-11-30] (Option N.V.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2013-06-30] (G Data Software AG) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40496 2008-09-26] (Paragon Software Group) S3 KOBB1USB; C:\Windows\System32\DRIVERS\KOBB1USB.sys [33351 2004-10-29] (KOBIL Systems) S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1587632 2006-06-26] (Logitech Inc.) 
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1952816 2006-06-26] (Logitech Inc.) S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2008-04-14] (DiBcom SA) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation) S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [22560 2008-01-31] (Sony Corporation) S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.) R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2008-01-07] (Sony Corporation) S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [12288 2011-06-02] (Datacolor) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2008-01-07] (TeamViewer GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-11-30] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-11-30] (Paragon) R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-30] (Paragon) R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [10240 2011-06-22] (Nicomsoft Ltd.) 
U5 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec) S3 btwampfl; system32\drivers\btwampfl.sys [x] S3 catchme; \??\C:\Users\ROLFRU~1\AppData\Local\Temp\catchme.sys [x] S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [x] S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x] S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [x] S3 nmwcd; system32\drivers\ccdcmb.sys [x] S3 nmwcdc; system32\drivers\ccdcmbo.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PAC207; system32\DRIVERS\PFC027.SYS [x] U5 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [90688 2007-04-27] (SafeNet, Inc.) S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x] S2 XAudio; system32\DRIVERS\xaudio.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-19 18:33 - 2013-09-19 18:33 - 00000633 _____ C:\Users\*****\Desktop\RR-JRT.txt 2013-09-19 18:31 - 2013-09-19 18:31 - 00000636 _____ C:\Users\*****\Desktop\JRT.txt 2013-09-19 18:25 - 2013-09-19 13:10 - 01029675 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2013-09-19 17:52 - 2013-09-19 17:52 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 17:46 - 2013-09-19 17:47 - 00006072 _____ C:\Users\*****\Desktop\RR-AdwCleaner[S0].txt 2013-09-19 17:32 - 2013-09-19 17:46 - 00000000 ____D C:\AdwCleaner 2013-09-19 13:11 - 2013-09-19 13:11 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-19 13:11 - 2013-04-04 14:50 - 00022856 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-19 13:06 - 2013-09-17 11:16 - 01083437 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2013-09-19 13:03 - 2013-09-19 13:03 - 00043830 _____ C:\Users\*****\Desktop\bookmarks-2013-09-19.json 2013-09-18 23:15 - 2013-09-18 23:15 - 00018879 _____ C:\ComboFix.txt 2013-09-18 22:04 - 2013-09-18 23:16 - 00000000 ____D C:\ComboFix 2013-09-18 22:04 - 2013-09-18 23:15 - 00000000 ____D C:\Qoobox 2013-09-18 22:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-18 22:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-18 22:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-18 22:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-18 22:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-18 22:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-18 22:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-18 22:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-18 13:03 - 2013-09-18 23:12 - 00000000 ____D C:\Windows\erdnt 2013-09-18 06:46 - 2013-09-18 06:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST 2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\*****\defogger_reenable 2013-09-16 17:15 - 2013-09-19 13:10 - 00000000 ____D C:\Users\*****\Desktop\Analyse 2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-09-14 20:47 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-14 20:47 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-14 20:47 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-14 20:47 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2013-09-14 20:47 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-14 20:47 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-14 20:47 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-14 20:47 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-14 20:47 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-14 20:47 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-14 20:47 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-14 20:47 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-14 20:47 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-14 20:47 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-14 20:47 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-14 20:47 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\*****\.android 2013-09-14 20:33 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-14 20:33 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2013-08-28 07:47 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\*****\Documents\Backup SG2 2013-08-25.mpb 2013-08-25 07:06 - 2013-09-18 23:27 - 00002434 _____ C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2013-09-19 18:38 - 
2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv 2013-09-19 18:37 - 2008-11-11 22:51 - 00000438 _____ C:\Windows\Brownie.ini 2013-09-19 18:37 - 2008-07-09 10:29 - 00624967 _____ C:\ProgramData\nvModes.001 2013-09-19 18:36 - 2011-04-02 19:21 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-09-19 18:36 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-19 18:36 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-19 18:36 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-19 18:34 - 2012-09-02 17:32 - 01270998 _____ C:\Windows\WindowsUpdate.log 2013-09-19 18:34 - 2008-07-09 09:42 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-09-19 18:34 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-19 18:33 - 2013-09-19 18:33 - 00000633 _____ C:\Users\*****\Desktop\RR-JRT.txt 2013-09-19 18:31 - 2013-09-19 18:31 - 00000636 _____ C:\Users\*****\Desktop\JRT.txt 2013-09-19 18:04 - 2012-04-04 17:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-19 17:52 - 2013-09-19 17:52 - 00000000 ____D C:\Windows\ERUNT 2013-09-19 17:50 - 2008-11-08 17:36 - 00000000 ____D C:\Users\***** 2013-09-19 17:47 - 2013-09-19 17:46 - 00006072 _____ C:\Users\*****\Desktop\RR-AdwCleaner[S0].txt 2013-09-19 17:46 - 2013-09-19 17:32 - 00000000 ____D C:\AdwCleaner 2013-09-19 17:44 - 2008-07-09 10:29 - 00624967 _____ C:\ProgramData\nvModes.dat 2013-09-19 13:11 - 2013-09-19 13:11 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-19 13:10 - 
2013-09-19 18:25 - 01029675 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2013-09-19 13:10 - 2013-09-16 17:15 - 00000000 ____D C:\Users\*****\Desktop\Analyse 2013-09-19 13:03 - 2013-09-19 13:03 - 00043830 _____ C:\Users\*****\Desktop\bookmarks-2013-09-19.json 2013-09-19 09:24 - 2011-08-22 20:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\MyPhoneExplorer 2013-09-19 06:56 - 2008-11-08 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe 2013-09-18 23:27 - 2013-08-25 07:06 - 00002434 _____ C:\Windows\PFRO.log 2013-09-18 23:16 - 2013-09-18 22:04 - 00000000 ____D C:\ComboFix 2013-09-18 23:15 - 2013-09-18 23:15 - 00018879 _____ C:\ComboFix.txt 2013-09-18 23:15 - 2013-09-18 22:04 - 00000000 ____D C:\Qoobox 2013-09-18 23:15 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-09-18 23:15 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-09-18 23:12 - 2013-09-18 13:03 - 00000000 ____D C:\Windows\erdnt 2013-09-18 23:12 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-09-18 15:41 - 2008-11-08 17:36 - 00014236 _____ C:\Users\*****\AppData\Local\d3d9caps.dat 2013-09-18 14:19 - 2013-03-24 13:10 - 00000000 ____D C:\Program Files\StarMoney 9.0 2013-09-18 08:52 - 2012-05-01 07:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-18 06:47 - 2013-09-18 06:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-18 06:36 - 2012-11-29 12:23 - 00000000 ____D C:\Program Files\StarMoney Business 5.0 2013-09-17 22:49 - 2013-05-29 17:00 - 00000000 ____D C:\Program Files\DisplayLink Core Software 2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST 2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\*****\defogger_reenable 2013-09-17 11:16 - 2013-09-19 13:06 - 01083437 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-09-15 20:32 - 2008-11-11 23:00 - 00000432 _____ C:\Windows\BRWMARK.INI 2013-09-15 07:32 - 
2012-04-04 17:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-15 07:32 - 2011-05-18 06:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-14 20:55 - 2013-07-24 18:03 - 00452144 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-14 20:46 - 2013-08-15 08:23 - 00000000 ____D C:\Windows\system32\MRT 2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\*****\.android 2013-09-14 20:43 - 2012-08-20 19:16 - 00000000 ____D C:\Program Files\MyPhoneExplorer 2013-09-14 20:40 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\*****\Documents\Backup SG2 2013-08-25.mpb 2013-08-24 22:32 - 2008-11-08 20:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla 2013-08-24 22:27 - 2011-01-29 20:23 - 00000000 ____D C:\Program Files\FileZilla FTP Client Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-19 17:51 ==================== End Of Log ============================ --- --- ---
Regards, Rolf
20.09.2013, 10:19 | #8 |
/// the machine /// TB-Ausbilder | Mixi Dj Search cannot be deleted
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!
21.09.2013, 09:27 | #9 |
Mixi Dj Search cannot be deleted
Results of screen317's Security Check version 0.99.73 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` G Data InternetSecurity 2014 Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2011 TuneUp Utilities Language Pack (de-DE) CCleaner Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (24.0) Mozilla Thunderbird (17.0.8) ````````Process Check: objlist.exe by Laurent```````` G DATA InternetSecurity Firewall GDFirewallTray.exe G DATA InternetSecurity Firewall GDFwSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` --------------------------------------- ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=dc9525d03f05b742a3fbade35fb1c572 # engine=15195 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-20 11:00:23 # local_time=2013-09-20 01:00:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 7453 217207525 0 0 # scanned=133 # found=0 # cleaned=0 # scan_time=5 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # 
EOSSerial=dc9525d03f05b742a3fbade35fb1c572 # engine=15198 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-20 07:11:28 # local_time=2013-09-20 09:11:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 36918 217236990 0 0 # scanned=538180 # found=0 # cleaned=0 # scan_time=29240 ----------------------------------------------------
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by ***** (administrator) on RR-SONY on 21-09-2013 10:21:28 Running from C:\Users\*****\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe (Realtek Semiconductor) C:\Windows\RtkAudioService.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (BandRich Inc.) C:\Program Files\o2 Verbindungsmanager\BRService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Allway Sync\Bin\SyncService.exe () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (REINER SCT) C:\Windows\system32\cjpcsc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (SafeNet Inc.) 
C:\Windows\system32\hasplms.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (InterVideo) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe (Sony Corporation) C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Program Files\Polar\Daemon\polard.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (DisplayLink Corp.) 
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe (Sony Corporation) C:\Program Files\Sony\Network Utility\LANUtil.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (sw4you, Siegfried Weckmann) C:\Program Files\hardcopy\hardcopy.exe () C:\Program Files\Polar\WebSync\WebSync.exe (Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe () C:\Program Files\hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Google Inc.) 
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation) HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [BrStsWnd] - C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother) HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-28] (Realtek Semiconductor) HKLM\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [262144 2008-11-05] (Sony Corporation) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [122880 2008-02-21] (Alps Electric Co., Ltd.) Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.) Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [Bildschirmdruckprogramm] - C:\Program Files\Hardcopy\Hardcopy.exe [3510784 2011-11-01] (sw4you, Siegfried Weckmann)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Administrator.RR-Sony\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Administrator.RR-Sony\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [ 2008-11-05] (Sony Corporation)
Lsa: [Notification Packages] scecli psqlpwd
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {10FAD6AC-3F0D-4801-A32E-B084EAAABBCC} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default
FF Homepage: hxxp://www.bing.com/?cc=de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll No File
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jg13d8gj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
S4 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2095944 2013-06-21] (G Data Software AG)
R2 BandLuxe_Service; C:\Program Files\o2 Verbindungsmanager\BRService.exe [87264 2009-06-14] (BandRich Inc.)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-07-02] ()
R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7454608 2013-05-09] (DisplayLink Corp.)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2362744 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [299008 2008-11-03] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [413184 2012-08-17] ()
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-06-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-16] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-02-17] (AVM Berlin)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys [36752 2013-05-13] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [338736 2013-05-09] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-05-09] (DisplayLink Corp.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-06-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96344 2013-06-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2013-04-13] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2013-06-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [30896 2013-04-13] (G Data Software)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 GTSCSER; C:\Windows\System32\DRIVERS\gtscser.sys [21504 2007-11-30] (Option N.V.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2013-06-30] (G Data Software AG)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40496 2008-09-26] (Paragon Software Group)
S3 KOBB1USB; C:\Windows\System32\DRIVERS\KOBB1USB.sys [33351 2004-10-29] (KOBIL Systems)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1587632 2006-06-26] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1952816 2006-06-26] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2008-04-14] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [22560 2008-01-31] (Sony Corporation)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.)
R3 SPI; C:\Windows\System32\DRIVERS\SonyPI.sys [14720 2008-01-07] (Sony Corporation)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [12288 2011-06-02] (Datacolor)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2008-01-07] (TeamViewer GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-11-30] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2012-11-30] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2012-11-30] (Paragon)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [10240 2011-06-22] (Nicomsoft Ltd.)
U5 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 catchme; \??\C:\Users\ROLFRU~1\AppData\Local\Temp\catchme.sys [x]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [x]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [x]
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PAC207; system32\DRIVERS\PFC027.SYS [x]
U5 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [90688 2007-04-27] (SafeNet, Inc.)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
S2 XAudio; system32\DRIVERS\xaudio.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-21 10:21 - 2013-09-17 11:16 - 01083437 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-09-21 10:20 - 2013-09-21 10:20 - 00001064 _____ C:\Users\*****\Desktop\checkup.txt
2013-09-20 12:31 - 2013-09-20 12:31 - 00000000 ____D C:\Program Files\ESET
2013-09-19 17:52 - 2013-09-19 17:52 - 00000000 ____D C:\Windows\ERUNT
2013-09-19 17:32 - 2013-09-19 17:46 - 00000000 ____D C:\AdwCleaner
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-19 13:11 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-18 23:15 - 2013-09-18 23:15 - 00018879 _____ C:\ComboFix.txt
2013-09-18 22:04 - 2013-09-18 23:15 - 00000000 ____D C:\Qoobox
2013-09-18 22:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-18 22:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-18 22:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 22:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-18 22:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-18 22:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-18 22:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-18 22:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-18 13:03 - 2013-09-18 23:12 - 00000000 ____D C:\Windows\erdnt
2013-09-18 06:46 - 2013-09-18 06:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST
2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-16 17:15 - 2013-09-20 12:29 - 00000000 ____D C:\Users\*****\Desktop\Analyse
2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-14 20:47 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 20:47 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 20:47 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 20:47 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 20:47 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 20:47 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 20:47 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 20:47 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 20:47 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 20:47 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 20:47 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 20:47 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 20:47 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 20:47 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\*****\.android
2013-09-14 20:33 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-14 20:33 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-08-28 07:47 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\*****\Documents\Backup SG2 2013-08-25.mpb
2013-08-25 07:06 - 2013-09-18 23:27 - 00002434 _____ C:\Windows\PFRO.log
==================== One Month Modified Files and Folders =======
2013-09-21 10:20 - 2013-09-21 10:20 - 00001064 _____ C:\Users\*****\Desktop\checkup.txt
2013-09-21 10:04 - 2012-04-04 17:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 10:01 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 10:01 - 2006-11-02 14:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 08:11 - 2012-09-02 17:32 - 01323272 _____ C:\Windows\WindowsUpdate.log
2013-09-21 08:11 - 2008-11-08 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-09-21 08:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-09-21 08:02 - 2008-11-11 22:51 - 00000438 _____ C:\Windows\Brownie.ini
2013-09-21 08:02 - 2008-07-09 10:29 - 00624911 _____ C:\ProgramData\nvModes.001
2013-09-21 08:01 - 2011-04-02 19:21 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-09-21 08:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-20 21:12 - 2008-07-09 09:42 - 00003204 _____ C:\Windows\bthservsdp.dat
2013-09-20 21:12 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-20 12:54 - 2008-07-09 10:29 - 00624911 _____ C:\ProgramData\nvModes.dat
2013-09-20 12:31 - 2013-09-20 12:31 - 00000000 ____D C:\Program Files\ESET
2013-09-20 12:29 - 2013-09-16 17:15 - 00000000 ____D C:\Users\*****\Desktop\Analyse
2013-09-20 11:34 - 2009-01-13 22:41 - 00000000 ___RD C:\Users\*****\Desktop\Tools
2013-09-20 11:04 - 2012-04-04 17:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 11:04 - 2011-05-18 06:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 08:07 - 2011-08-22 20:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\MyPhoneExplorer
2013-09-19 17:52 - 2013-09-19 17:52 - 00000000 ____D C:\Windows\ERUNT
2013-09-19 17:50 - 2008-11-08 17:36 - 00000000 ____D C:\Users\*****
2013-09-19 17:46 - 2013-09-19 17:32 - 00000000 ____D C:\AdwCleaner
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-18 23:27 - 2013-08-25 07:06 - 00002434 _____ C:\Windows\PFRO.log
2013-09-18 23:15 - 2013-09-18 23:15 - 00018879 _____ C:\ComboFix.txt
2013-09-18 23:15 - 2013-09-18 22:04 - 00000000 ____D C:\Qoobox
2013-09-18 23:15 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-18 23:15 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-18 23:12 - 2013-09-18 13:03 - 00000000 ____D C:\Windows\erdnt
2013-09-18 23:12 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-18 15:41 - 2008-11-08 17:36 - 00014236 _____ C:\Users\*****\AppData\Local\d3d9caps.dat
2013-09-18 14:19 - 2013-03-24 13:10 - 00000000 ____D C:\Program Files\StarMoney 9.0
2013-09-18 08:52 - 2012-05-01 07:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-18 06:47 - 2013-09-18 06:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 06:36 - 2012-11-29 12:23 - 00000000 ____D C:\Program Files\StarMoney Business 5.0
2013-09-17 22:49 - 2013-05-29 17:00 - 00000000 ____D C:\Program Files\DisplayLink Core Software
2013-09-17 11:25 - 2013-09-17 11:25 - 00000000 ____D C:\FRST
2013-09-17 11:22 - 2013-09-17 11:22 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-17 11:16 - 2013-09-21 10:21 - 01083437 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2013-09-16 14:16 - 2013-09-16 14:16 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-15 20:32 - 2008-11-11 23:00 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-09-14 20:55 - 2013-07-24 18:03 - 00452144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-14 20:46 - 2013-08-15 08:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 20:44 - 2013-09-14 20:44 - 00000000 ____D C:\Users\*****\.android
2013-09-14 20:43 - 2012-08-20 19:16 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-09-14 20:40 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-25 17:33 - 2013-08-25 17:33 - 00118670 _____ C:\Users\*****\Documents\Backup SG2 2013-08-25.mpb
2013-08-24 22:32 - 2008-11-08 20:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2013-08-24 22:27 - 2011-01-29 20:23 - 00000000 ____D C:\Program Files\FileZilla FTP Client
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 08:10
==================== End Of Log ============================
--- --- ---

So that's it. No more problems!!!! Thank you very much!
__________________
Regards, Rolf
21.09.2013, 16:22 | #10
/// the machine /// TB-Ausbilder

Mixi Dj Search cannot be deleted

Done.

The order here is essential.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They do your system more harm than good.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a brief reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!