| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: seth.avazutracking.netWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.10.2013, 17:12
| #5 |
 |  seth.avazutracking.net So jetzt habe ich natürlich ein Problem. Hab Malwarebytes laufen lassen und beim ersten mal hat es sich beim Löschen der Dateien aufgehangen. Hab es direkt danach nochmal laufen lassen und da kam dieser Log: Code:
ATTFilter www.malwarebytes.org
Datenbank Version: v2013.10.01.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19458
Franzi & Falko :: ACERASPIRE7735 [Administrator]
01.10.2013 17:44:21
mbam-log-2013-10-01 (17-44-21).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213117
Laufzeit: 7 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
So jetzt die Log von AdwCleaner Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 18:00:16
# Updated 01/10/2013 von Xplode
# Betriebssystem : Service Pack 2 (32 bits)
# Benutzername : Franzi & Falko - ACERASPIRE7735
# Gestartet von : C:\Users\Franzi & Falko\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Browser Updater
Ordner Gelöscht : C:\Program Files\Protected Search
Ordner Gelöscht : C:\Users\Franzi & Falko\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Franzi & Falko\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Franzi & Falko\AppData\Roaming\SimplyTech
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.19458
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1416ec955f00fcd0cc7505aeaa3aac15");
*************************
AdwCleaner[R0].txt - [23138 octets] - [30/09/2013 13:49:17]
AdwCleaner[R1].txt - [21839 octets] - [30/09/2013 13:51:19]
AdwCleaner[R2].txt - [1085 octets] - [30/09/2013 14:00:35]
AdwCleaner[R3].txt - [1205 octets] - [30/09/2013 14:05:11]
AdwCleaner[R4].txt - [1157 octets] - [30/09/2013 14:08:08]
AdwCleaner[R5].txt - [6660 octets] - [01/10/2013 17:59:02]
AdwCleaner[S0].txt - [1714 octets] - [30/09/2013 13:50:48]
AdwCleaner[S1].txt - [21117 octets] - [30/09/2013 13:52:53]
AdwCleaner[S2].txt - [1147 octets] - [30/09/2013 14:01:53]
AdwCleaner[S3].txt - [6591 octets] - [01/10/2013 18:00:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6651 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows_NT x86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-531510341-141507025-1291647500-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182256}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3C31AFE-6A3D-4F8B-A28E-471CEF7AA251}
~~~ Files
~~~ Folders
~~~ FireFox
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\minidumps [90 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.10.2013 at 18:09:32,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Franzi & Falko (administrator) on ACERASPIRE7735 on 01-10-2013 18:11:03
Running from C:\Users\Franzi & Falko\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated)
HKLM\...\Run: [Anti-Trojan-Watch] - [x]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-03-06] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-03-06] (TODO: <Company name>)
AppInit_DLLs: c:\windows\system32\avgrsstx.dll c:\progra~1\google\google~1\googledesktopnetwork3.dll [ 2009-10-03] (AVG Technologies CZ, s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @thrixxx.com/WebLaunch - C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF SearchPlugin: C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vis - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: Garmin Communicator - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: iMacros for Firefox - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: DownloadHelper - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: toolbar-ff - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\toolbar-ff@payback.de.xpi
FF Extension: toolbar - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\toolbar@web.de.xpi
FF Extension: unplug - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\unplug@compunach.xpi
FF Extension: No Name - C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\Firefox
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated)
S4 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [x]
S4 GoogleDesktopManager-093009-130223; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [x]
S2 mcmscsvc;
S2 McNASvc;
S3 McODS;
S2 McProxy;
S2 McShield;
S3 McSysmon;
S2 MpfService;
S2 MSK80Service;
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-09-14] (SlySoft, Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-10-03] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-08] (Avira Operations GmbH & Co. KG)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-10-03] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-08] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-14] (DT Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [27432 2010-09-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-07-08] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-07-08] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-07-08] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-07-08] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-07-08] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-07-16] (McAfee, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [153952 2009-02-21] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-11] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\FRANZI~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 k57nd60x; system32\DRIVERS\k57nd60x.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 StarOpen; No ImagePath
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-01 18:09 - 2013-10-01 18:09 - 00002514 _____ C:\Users\Franzi & Falko\Desktop\JRT.txt
2013-10-01 18:06 - 2013-10-01 18:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 18:05 - 2013-10-01 18:05 - 01030305 _____ (Thisisu) C:\Users\Franzi & Falko\Desktop\JRT.exe
2013-10-01 17:58 - 2013-10-01 17:58 - 01045226 _____ C:\Users\Franzi & Falko\Desktop\adwcleaner.exe
2013-10-01 17:21 - 2013-10-01 18:09 - 00077207 _____ C:\Windows\WindowsUpdate.log
2013-10-01 17:18 - 2013-10-01 17:18 - 00001066 _____ C:\Windows\PFRO.log
2013-09-30 16:26 - 2013-09-30 16:26 - 00000000 ____D C:\FRST
2013-09-30 16:25 - 2013-09-30 16:25 - 01086873 _____ (Farbar) C:\Users\Franzi & Falko\Desktop\FRST.exe
2013-09-30 15:49 - 2013-09-30 15:49 - 00000795 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2013-09-30 15:49 - 2013-09-30 15:49 - 00000000 ____D C:\ProgramData\Martau
2013-09-30 15:49 - 2013-09-30 15:49 - 00000000 ____D C:\Program Files\Total Uninstall 6
2013-09-30 15:47 - 2013-09-30 15:48 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-30 15:47 - 2013-09-30 15:47 - 00001045 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2013-09-30 15:47 - 2013-09-30 15:47 - 00000000 ____D C:\Program Files\Wise
2013-09-30 13:49 - 2013-10-01 18:00 - 00000000 ____D C:\AdwCleaner
2013-09-30 13:45 - 2013-03-19 06:41 - 00016896 _____ C:\Windows\Launcher.exe
2013-09-30 11:51 - 2013-09-30 11:51 - 00602112 _____ (OldTimer Tools) C:\Users\Franzi & Falko\Desktop\OTL.exe
2013-09-30 11:16 - 2013-09-30 11:16 - 00000079 _____ C:\Windows\wininit.ini
2013-09-29 20:33 - 2013-09-29 20:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-29 20:32 - 2013-09-29 22:24 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-09-29 20:32 - 2013-09-29 20:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-29 20:31 - 2013-09-29 20:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-29 20:30 - 2013-09-29 20:30 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-29 19:13 - 2013-09-29 19:13 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Roaming\DivX
2013-09-24 11:44 - 2013-09-24 12:41 - 97525606 _____ C:\Windows\system32\豨ၣḬŒ
2013-09-23 08:37 - 2013-09-23 08:37 - 00001628 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-23 08:35 - 2013-09-23 08:36 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-23 08:35 - 2013-09-23 08:36 - 00000000 ____D C:\Program Files\iTunes
2013-09-23 08:35 - 2013-09-23 08:35 - 00000000 ____D C:\Program Files\iPod
2013-09-23 08:16 - 2013-10-01 18:01 - 00001302 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-23 08:16 - 2013-10-01 18:01 - 00001206 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-23 08:16 - 2013-10-01 18:01 - 00001106 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-23 08:15 - 2013-10-01 18:01 - 00001828 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-23 08:15 - 2013-09-23 08:15 - 00000000 ____D C:\User Data
2013-09-16 08:52 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-16 08:52 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 08:52 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 08:52 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-16 08:52 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-16 08:52 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 08:52 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 08:52 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-16 08:52 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-16 08:52 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-16 08:52 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-16 08:52 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 08:52 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-16 08:52 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-16 08:52 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 08:52 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-16 08:52 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-16 08:52 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 08:52 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-09 14:46 - 2013-09-09 14:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-02 10:38 - 2013-09-02 10:38 - 00040323 _____ C:\Users\Franzi & Falko\Downloads\Geburtstagseinladung.odt
==================== One Month Modified Files and Folders =======
2013-10-01 18:10 - 2013-10-01 17:21 - 00077207 _____ C:\Windows\WindowsUpdate.log
2013-10-01 18:09 - 2013-10-01 18:09 - 00002514 _____ C:\Users\Franzi & Falko\Desktop\JRT.txt
2013-10-01 18:07 - 2009-08-11 18:36 - 00000436 ____H C:\Windows\Tasks\User_Feed_Synchronization-{AF2CD976-D037-4616-97C4-4BF40B1B55DC}.job
2013-10-01 18:06 - 2013-10-01 18:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 18:05 - 2013-10-01 18:05 - 01030305 _____ (Thisisu) C:\Users\Franzi & Falko\Desktop\JRT.exe
2013-10-01 18:01 - 2013-09-23 08:16 - 00001302 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-10-01 18:01 - 2013-09-23 08:16 - 00001206 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-10-01 18:01 - 2013-09-23 08:16 - 00001106 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-10-01 18:01 - 2013-09-23 08:15 - 00001828 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-10-01 18:01 - 2011-06-23 19:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 18:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 18:01 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 18:01 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 18:00 - 2013-09-30 13:49 - 00000000 ____D C:\AdwCleaner
2013-10-01 18:00 - 2006-11-02 15:01 - 00000764 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 17:58 - 2013-10-01 17:58 - 01045226 _____ C:\Users\Franzi & Falko\Desktop\adwcleaner.exe
2013-10-01 17:57 - 2013-08-20 12:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 17:56 - 2012-04-02 11:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 17:28 - 2011-06-23 19:24 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 17:18 - 2013-10-01 17:18 - 00001066 _____ C:\Windows\PFRO.log
2013-09-30 18:05 - 2008-02-06 01:25 - 00000000 ____D C:\Windows\Panther
2013-09-30 16:26 - 2013-09-30 16:26 - 00000000 ____D C:\FRST
2013-09-30 16:25 - 2013-09-30 16:25 - 01086873 _____ (Farbar) C:\Users\Franzi & Falko\Desktop\FRST.exe
2013-09-30 16:25 - 2009-08-11 19:26 - 00000000 ___RD C:\Program Files\Skype
2013-09-30 16:23 - 2009-08-17 14:27 - 00041121 _____ C:\ProgramData\hpzinstall.log
2013-09-30 16:22 - 2011-01-16 20:41 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Local\Apple Computer
2013-09-30 16:22 - 2009-08-17 14:29 - 00000000 ____D C:\Program Files\HP
2013-09-30 16:16 - 2013-06-12 11:30 - 00000000 ____D C:\ProgramData\DivX
2013-09-30 16:06 - 2012-05-21 18:07 - 00000000 ____D C:\Program Files\Nero
2013-09-30 15:57 - 2010-05-16 14:28 - 00000000 ____D C:\Program Files\Java
2013-09-30 15:49 - 2013-09-30 15:49 - 00000795 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2013-09-30 15:49 - 2013-09-30 15:49 - 00000000 ____D C:\ProgramData\Martau
2013-09-30 15:49 - 2013-09-30 15:49 - 00000000 ____D C:\Program Files\Total Uninstall 6
2013-09-30 15:48 - 2013-09-30 15:47 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-30 15:47 - 2013-09-30 15:47 - 00001045 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2013-09-30 15:47 - 2013-09-30 15:47 - 00000000 ____D C:\Program Files\Wise
2013-09-30 13:55 - 2009-08-10 18:34 - 00000957 _____ C:\Users\Franzi & Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 13:45 - 2009-08-10 18:34 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Local\Google
2013-09-30 12:59 - 2009-08-29 14:23 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Local\Adobe
2013-09-30 12:19 - 2013-07-29 17:31 - 00000093 _____ C:\Users\Franzi & Falko\AppData\Roaming\WB.CFG
2013-09-30 12:19 - 2013-06-16 18:31 - 00000005 _____ C:\Users\Franzi & Falko\AppData\Roaming\WBPU-TTL.DAT
2013-09-30 11:51 - 2013-09-30 11:51 - 00602112 _____ (OldTimer Tools) C:\Users\Franzi & Falko\Desktop\OTL.exe
2013-09-30 11:33 - 2009-08-10 20:14 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-30 11:16 - 2013-09-30 11:16 - 00000079 _____ C:\Windows\wininit.ini
2013-09-30 11:09 - 2011-12-19 08:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-29 22:24 - 2013-09-29 20:32 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-09-29 20:33 - 2013-09-29 20:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-29 20:33 - 2013-09-29 20:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-29 20:32 - 2013-09-29 20:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-29 20:30 - 2013-09-29 20:30 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-29 19:13 - 2013-09-29 19:13 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Roaming\DivX
2013-09-29 19:13 - 2009-08-11 13:53 - 00000000 ____D C:\Users\Franzi & Falko\AppData\Roaming\vlc
2013-09-25 22:08 - 2013-05-02 11:24 - 00000000 ____D C:\Users\Franzi & Falko\Documents\BA-Arbeit Franzi
2013-09-24 12:41 - 2013-09-24 11:44 - 97525606 _____ C:\Windows\system32\豨ၣḬŒ
2013-09-23 17:50 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 08:37 - 2013-09-23 08:37 - 00001628 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-23 08:36 - 2013-09-23 08:35 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-23 08:36 - 2013-09-23 08:35 - 00000000 ____D C:\Program Files\iTunes
2013-09-23 08:35 - 2013-09-23 08:35 - 00000000 ____D C:\Program Files\iPod
2013-09-23 08:35 - 2010-01-30 12:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-23 08:30 - 2012-12-03 13:55 - 00000000 ____D C:\Program Files\Bonjour
2013-09-23 08:30 - 2009-08-10 18:33 - 00000000 ____D C:\Users\Franzi & Falko
2013-09-23 08:15 - 2013-09-23 08:15 - 00000000 ____D C:\User Data
2013-09-18 19:23 - 2009-03-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-17 15:12 - 2006-11-02 14:47 - 03736768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 12:09 - 2013-06-10 10:32 - 00000000 ____D C:\Users\Franzi & Falko\Documents\Eigene Scans
2013-09-17 10:40 - 2013-07-26 21:43 - 00000000 ____D C:\Windows\system32\MRT
2013-09-17 10:35 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-16 08:56 - 2012-04-02 11:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 08:56 - 2012-01-16 12:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 14:46 - 2013-09-09 14:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-08 19:56 - 2013-03-11 09:06 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 10:38 - 2013-09-02 10:38 - 00040323 _____ C:\Users\Franzi & Falko\Downloads\Geburtstagseinladung.odt
Some content of TEMP:
====================
C:\Users\Franzi & Falko\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 18:09
==================== End Of Log ============================
--- --- --- --- --- --- |
| Themen zu seth.avazutracking.net |
| .vault, adobe, autorun, avira, bonjour, defender, explorer, firefox, flash player, format, helper, installation, intranet, js/adware.yontoo.c, object, plug-in, realtek, required, rundll, senden, seth.avazutracking.net, software, spyhunter, spyhunter entfernen, temp, virus, vista, win32/adware.yontoo.b |
Baum-Darstellung