| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.10.2013, 15:09
| #1 |
 |  Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Hallo zusammen und zu allererst auch herzlichen Dank, dass Ihr eure Hilfe anbietet! wie in dem Problem von NellB, (http://www.trojaner-board.de/129921-...uepfungen.html) sind Dateien auf meinem USB-Stick nur noch als Verknüfpung vorhanden. Wie in genanntem Link empfohlen, habe ich versteckte Dateien sichtbar gemacht und die Dateien befinden sich auch nich auf dem Stick. Aber es hat mir eben gezeigt, dass ich wohleinen ungebetenen Gast auf meinem Rechner habe und den würde ich gerne los werden. Danke für Eure Hilfe! Auf dem Stick befindet sich eine Datei Namens 'tmxnftcqgr..vbs'. Ich vermute die Datei soll da nicht sein!? Soll ich sie löschen? Als Antiviren Programm benutze ich eine Uni-lizensierte Version von Sophos. Die schlägt aber keinen Alarm, selbst wenn ich speziell nur den Stick scannen lasse. Im folgenden die Log-Datein: 1. FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Robert (administrator) on JENNY on 18-10-2013 14:46:50
Running from D:\Eigene Dateien\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.SysTray.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\System32\nwtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SystemTray] - C:\Program Files\TrueSuite\TrueSuite.SysTray.exe [619328 2009-12-22] (AuthenTec, Inc)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\TOSHIBA\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [tmxnftcqgr] - C:\Users\Robert\AppData\Local\Temp\tmxnftcqgr..vbs [116187 2013-08-03] () <===== ATTENTION
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-10 19:25 - 2013-09-04 03:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:26 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:26 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:25 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:56 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:56 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:56 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 22:56 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:56 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:56 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:56 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:56 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:56 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:56 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:56 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:56 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:56 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:56 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 22:56 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 22:56 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 22:55 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 22:55 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:55 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:55 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:55 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:55 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-19 20:50 - 2013-09-19 20:50 - 00000000 ____D C:\Users\Robert\Desktop\CAF
2013-09-19 01:09 - 2013-09-19 01:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-18 14:47 - 2011-11-16 17:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-18 14:41 - 2011-11-15 18:31 - 00000000 ____D C:\Users\Robert
2013-10-18 14:31 - 2011-11-15 18:21 - 01658192 _____ C:\Windows\WindowsUpdate.log
2013-10-18 14:18 - 2011-11-16 17:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-18 13:51 - 2012-07-22 14:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 13:22 - 2010-11-20 23:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 08:20 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 08:20 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 08:12 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 08:12 - 2009-07-14 06:39 - 00109376 _____ C:\Windows\setupact.log
2013-10-12 13:11 - 2011-11-16 17:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 13:11 - 2009-08-14 12:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 12:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:21 - 2009-07-14 06:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 10:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 00:33 - 2011-11-16 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:30 - 2013-07-20 19:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 00:28 - 2011-11-17 22:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 00:27 - 2010-11-21 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:51 - 2012-03-30 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:51 - 2011-11-15 18:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-30 15:51 - 2013-07-02 19:27 - 00000000 ____D C:\Users\Robert\Desktop\Kurse Paris
2013-09-24 22:32 - 2011-11-16 17:38 - 00017408 _____ C:\Users\Robert\AppData\Local\WebpageIcons.db
2013-09-23 01:28 - 2013-10-10 00:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-10 00:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 01:27 - 2013-10-10 00:25 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-21 05:30 - 2013-10-10 00:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-10 00:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-19 20:50 - 2013-09-19 20:50 - 00000000 ____D C:\Users\Robert\Desktop\CAF
2013-09-19 18:08 - 2012-05-14 14:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 13:25 - 2011-11-16 15:57 - 00000000 ____D C:\Users\Robert\AppData\Local\Mozilla
2013-09-19 01:09 - 2013-09-19 01:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
Files to move or delete:
====================
C:\Users\Robert\AppData\Local\Temp\tmxnftcqgr..vbs
C:\ProgramData\hpe9E43.dll
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\AskSLib.dll
C:\Users\Robert\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Robert\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Robert\AppData\Local\Temp\ose00000.exe
C:\Users\Robert\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Robert\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-11 12:09
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Robert at 2013-10-18 14:48:23
Running from D:\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
==================== Installed Programs ======================
7-Zip 9.20
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
ALPS Touch Pad Driver (Version: 7.202.302.109)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AuthenTec TrueSuite (Version: 2.0.0.57)
AuthenTec TrueSuite (Version: 3.0.1.66)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.12(T))
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7010 (Version: 1.0.1.0)
Cisco AnyConnect VPN Client (Version: 2.5.3054)
Citavi (Version: 3.4.0.2)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup (Version: 2.6.1.3)
Dropbox (HKCU Version: 2.0.22)
EASEUS Partition Master 9.1.0 Home Edition
ElsterFormular (Version: 14.1.11318)
eReg (Version: 1.20.138.34)
Foxit Reader 5.1 (Version: 5.1.3.1201)
Inquisit 3 Web Edition
IrfanView (remove only) (Version: 4.35)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
Logitech SetPoint 6.32 (Version: 6.32.20)
LSI V92 MOH Application
Mathematica Extras 9.0 (4092550) (Version: 9.0.1)
MD Adressbuch 2011
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVCRT (Version: 15.4.2862.0708)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
NMAS Challenge Response Method (Version: 2.8.3.3)
NMAS Client (Version: 3.5.1.1)
Novell Client für Windows (Version: 2 SP2 (IR2a))
PDF24 Creator 5.4.0
PDF-XChange Viewer (Version: 2.5.199.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Samsung Printer Live Update
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
Sony Ericsson PC Suite 6.011.00 (Version: 6.011.00)
SopCast 3.5.0 (Version: 3.5.0)
Sophos Anti-Virus (Version: 10.2.9)
Sophos AutoUpdate (Version: 2.9.0.344)
TOSHIBA eco Utility (Version: 1.1.10.0)
TOSHIBA HDD Protection (Version: 2.2.0.0)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0)
TOSHIBA PC Health Monitor (Version: 1.4.0.0)
TOSHIBA SD Memory Boot Utility (Version: 1.3.1.2)
TOSHIBA Software Modem (Version: 2.2.97)
TOSHIBA Touchpad Ein/Aus Utility V2.5.1.0 (Version: 2.5.1.0)
TOSHIBA Value Added Package (Version: 1.2.40)
TOSHIBA Web Camera Application (Version: 1.1.2.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (Version: 9.0.1)
Zattoo4 4.0.5 (Version: 4.0.5)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {B89B3CB4-EA40-47E8-8D2A-DAB9BE214DB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {FBC2C887-15BD-4C7A-A80A-EDFE57BE71D4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-03-12 17:40 - 2012-03-12 17:40 - 00016384 _____ () C:\Windows\system32\nls\DEUTSCH\NCLangIDR.DLL
2012-03-27 17:32 - 2012-03-27 17:32 - 00092760 _____ () C:\Windows\system32\NCLangID.dll
2012-03-27 17:32 - 2012-03-27 17:32 - 00230488 _____ () C:\Windows\system32\NWSHLXNT.dll
2012-03-12 17:40 - 2012-03-12 17:40 - 00102400 _____ () C:\Windows\system32\nls\DEUTSCH\NWSHLXNTR.DLL
2012-03-27 17:32 - 2012-03-27 17:32 - 00909400 _____ () C:\Windows\system32\ncnetprovider.dll
2012-03-27 17:32 - 2012-03-27 17:32 - 00156760 _____ () C:\Windows\system32\MAPBASE.dll
2012-03-12 17:40 - 2012-03-12 17:40 - 00086528 _____ () C:\Windows\system32\nls\DEUTSCH\MAPBASER.DLL
2012-03-12 17:40 - 2012-03-12 17:40 - 00496640 _____ () C:\Windows\system32\nls\DEUTSCH\ncnetproviderR.DLL
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-18 16:20 - 2009-10-18 16:20 - 07980344 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-07-29 16:35 - 2009-07-29 16:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-26 18:55 - 2009-08-26 18:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2011-10-07 11:41 - 2011-10-07 11:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-21 21:18 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-03-27 17:32 - 2012-03-27 17:32 - 00909400 _____ () C:\Windows\System32\NCNetProvider.DLL
2012-03-27 17:32 - 2012-03-27 17:32 - 00092760 _____ () C:\Windows\System32\NCLangID.dll
2012-03-27 17:32 - 2012-03-27 17:32 - 00156760 _____ () C:\Windows\System32\MAPBASE.dll
2012-03-27 17:32 - 2012-03-27 17:32 - 00230488 _____ () C:\Windows\System32\NWSHLXNT.dll
2012-03-12 17:40 - 2012-03-12 17:40 - 00016384 _____ () C:\Windows\System32\nls\DEUTSCH\NCLangIDR.DLL
2012-03-12 17:40 - 2012-03-12 17:40 - 00086528 _____ () C:\Windows\System32\nls\DEUTSCH\MAPBASER.DLL
2012-03-12 17:40 - 2012-03-12 17:40 - 00102400 _____ () C:\Windows\System32\nls\DEUTSCH\NWSHLXNTR.DLL
2012-03-12 17:40 - 2012-03-12 17:40 - 00496640 _____ () C:\Windows\System32\nls\DEUTSCH\NCNetProviderR.DLL
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Robert\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-03 19:17 - 2009-08-03 19:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-19 01:09 - 2013-09-19 01:09 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-12-04 23:54 - 2013-04-25 16:11 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/18/2013 00:57:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/18/2013 08:19:10 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:10.235]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:10 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:10.035]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:09.835]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:09.635]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:09.435]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:09.233]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:09.031]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:08 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:08.831]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:08 AM) (Source: Brother BrLog) (User: )
Description: CC3LC BrtCC3LC: [2013/10/18 08:19:08.631]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
System errors:
=============
Error: (10/10/2013 00:19:53 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/06/2013 02:57:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (09/30/2013 07:09:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (09/18/2013 04:23:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/18/2013 04:23:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lmhosts" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1352
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/18/2013 04:23:46 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (09/15/2013 11:54:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Web Intelligence Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/11/2013 03:59:03 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.09.2013 um 15:54:01 unerwartet heruntergefahren.
Error: (09/09/2013 10:27:34 AM) (Source: Microsoft-Windows-Application-Experience) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.
Error: (09/07/2013 03:36:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (10/18/2013 00:57:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sony ericsson\sony ericsson pc suite\Drivers\DPInst64.exe
Error: (10/18/2013 08:19:10 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:10.235]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:10 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:10.035]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:09.835]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:09.635]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:09.435]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:09.233]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:09 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:09.031]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:08 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:08.831]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
Error: (10/18/2013 08:19:08 AM) (Source: Brother BrLog)(User: )
Description: CC3LCBrtCC3LC: [2013/10/18 08:19:08.631]: [00002452]: Replace CC2:: MoveFile [C:\Program Files\Brother\ControlCenter2\BrCtrCen.exe] to [C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe] Error[0x5]
==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 2937.16 MB
Available physical RAM: 904 MB
Total Pagefile: 5872.62 MB
Available Pagefile: 3917.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.68 GB) (Free:3.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:90.37 GB) (Free:17.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 435FE2AB)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter 20131001 145837 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131001 150448 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131001 150449 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687765
Objekte erkennen.
20131001 150449 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131001 153921 Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20131001 160428 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131001 160428 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687798
Objekte erkennen.
20131001 160429 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131002 140143 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687798
Objekte erkennen.
20131002 140143 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131002 140759 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131002 140800 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687884
Objekte erkennen.
20131002 140800 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131002 221759 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131002 221801 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687920
Objekte erkennen.
20131002 221801 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 035246 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687920
Objekte erkennen.
20131003 035247 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 035944 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131003 035947 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687925
Objekte erkennen.
20131003 035947 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 112034 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687925
Objekte erkennen.
20131003 112034 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 122622 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131003 122632 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687956
Objekte erkennen.
20131003 122632 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 162622 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131003 162624 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687969
Objekte erkennen.
20131003 162624 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131003 192614 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131003 192622 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687978
Objekte erkennen.
20131003 192622 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131004 072516 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687978
Objekte erkennen.
20131004 072516 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131004 073156 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131004 073157 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5687996
Objekte erkennen.
20131004 073157 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131004 103108 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131004 103110 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688000
Objekte erkennen.
20131004 103111 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131004 130758 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131004 130801 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688008
Objekte erkennen.
20131004 130801 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131004 165302 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131004 165304 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688017
Objekte erkennen.
20131004 165304 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131005 091554 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688017
Objekte erkennen.
20131005 091554 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131005 092217 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131005 092233 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688042
Objekte erkennen.
20131005 092234 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131005 102150 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131005 102159 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688048
Objekte erkennen.
20131005 102159 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
Page 1 of 4 Protokollreport 18.10.2013 13:27:40
18.10.2013 file:///C:/Users/Robert/AppData/Local/Temp/SAV0.html20131006 204755 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131006 204802 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688059
Objekte erkennen.
20131006 204802 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131006 214806 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131006 214807 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688061
Objekte erkennen.
20131006 214808 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131007 074331 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688061
Objekte erkennen.
20131007 074331 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131007 121758 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688061
Objekte erkennen.
20131007 121759 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131007 122448 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131007 122449 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688081
Objekte erkennen.
20131007 122449 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131007 162344 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131007 162345 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688092
Objekte erkennen.
20131007 162346 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131007 183003 Web-Anfrage an "go.youlamedia.com/ypix.php" (verlinkt von
"www.ecostream.tv/stream/7c45c0566cc9a92e54a181ca00de0af5.html") für Benutzer Jenny\Robert gesperrt. 'Mal/HTMLGen-A'
wurde auf dieser Website gefunden, Verweiskennung 147571055.
20131007 191608 Web-Anfrage an "go.youlamedia.com/ypix.php" (verlinkt von
"www.ecostream.tv/stream/7c45c0566cc9a92e54a181ca00de0af5.html") für Benutzer Jenny\Robert gesperrt. 'Mal/HTMLGen-A'
wurde auf dieser Website gefunden, Verweiskennung 147571055.
20131007 191643 Web-Anfrage an "go.youlamedia.com/ypix.php" (verlinkt von
"www.ecostream.tv/stream/7c45c0566cc9a92e54a181ca00de0af5.html") für Benutzer Jenny\Robert gesperrt. 'Mal/HTMLGen-A'
wurde auf dieser Website gefunden, Verweiskennung 147571055.
20131007 191732 Web-Anfrage an "go.youlamedia.com/ypix.php" (verlinkt von
"www.ecostream.tv/stream/7c45c0566cc9a92e54a181ca00de0af5.html") für Benutzer Jenny\Robert gesperrt. 'Mal/HTMLGen-A'
wurde auf dieser Website gefunden, Verweiskennung 147571055.
20131008 080444 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688092
Objekte erkennen.
20131008 080445 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131008 081155 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688092
Objekte erkennen.
20131008 081156 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131008 084008 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688092
Objekte erkennen.
20131008 084009 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131008 212731 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688092
Objekte erkennen.
20131008 212731 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131008 223337 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131008 223340 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688178
Objekte erkennen.
20131008 223340 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131009 204152 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688178
Objekte erkennen.
20131009 204152 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131009 214743 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131009 214754 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688247
Objekte erkennen.
20131009 214754 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 081810 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688247
Objekte erkennen.
20131010 081810 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 082152 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688247
Objekte erkennen.
20131010 082153 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 091451 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688247
Objekte erkennen.
20131010 091451 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 092054 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131010 092055 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688272
Objekte erkennen.
20131010 092056 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 112042 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131010 112043 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688278
Objekte erkennen.
Page 2 of 4 Protokollreport 18.10.2013 13:27:40
18.10.2013 file:///C:/Users/Robert/AppData/Local/Temp/SAV0.html20131010 112043 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 171608 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688278
Objekte erkennen.
20131010 171608 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 182211 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131010 182225 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688307
Objekte erkennen.
20131010 182225 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 232442 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688307
Objekte erkennen.
20131010 232442 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 232703 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688307
Objekte erkennen.
20131010 232703 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131010 233513 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131010 233515 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688314
Objekte erkennen.
20131010 233516 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 091402 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688314
Objekte erkennen.
20131011 091402 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 102011 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131011 102031 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688325
Objekte erkennen.
20131011 102031 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 121958 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131011 121959 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688332
Objekte erkennen.
20131011 122000 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 141954 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131011 142005 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688341
Objekte erkennen.
20131011 142005 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 145106 Scan 'Computer scannen' gestartet.
20131011 172156 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131011 172227 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688346
Objekte erkennen.
20131011 172228 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131011 173954 Scan 'Computer scannen' abgeschlossen.
20131011 173954 Ergebniszusammenfassung für Scan 'Computer scannen':
Gescannte Objekte: 333113
Fehler: 0
Objekte in Quarantäne: 0
Behandelte Objekte: 0
20131012 110221 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688346
Objekte erkennen.
20131012 110222 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131012 120824 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131012 120829 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688375
Objekte erkennen.
20131012 120829 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131016 062022 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688375
Objekte erkennen.
20131016 062022 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131016 072626 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131016 072629 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688516
Objekte erkennen.
20131016 072630 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131016 083908 Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20131016 092612 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131016 092617 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688527
Objekte erkennen.
20131016 092617 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131016 224523 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688527
Objekte erkennen.
20131016 224523 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131017 062913 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688527
Objekte erkennen.
20131017 062913 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131017 063637 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131017 063653 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688601
Objekte erkennen.
20131017 063654 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
Page 3 of 4 Protokollreport 18.10.2013 13:27:40
18.10.2013 file:///C:/Users/Robert/AppData/Local/Temp/SAV0.html20131017 075013 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688601
Objekte erkennen.
20131017 075013 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 061256 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688601
Objekte erkennen.
20131018 061256 Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 073856 Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20131018 073934 Scan 'Rechtsklick-Überprüfung' gestartet.
20131018 073935 Scan 'Rechtsklick-Überprüfung' abgeschlossen.
20131018 073935 Ergebniszusammenfassung für Scan 'Rechtsklick-Überprüfung':
Gescannte Objekte: 128
Fehler: 0
Objekte in Quarantäne: 0
Behandelte Objekte: 0
20131018 075607 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131018 075608 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688684
Objekte erkennen.
20131018 075608 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 075721 Scan 'Computer scannen' gestartet.
20131018 102516 Scan 'Computer scannen' abgeschlossen.
20131018 102517 Ergebniszusammenfassung für Scan 'Computer scannen':
Gescannte Objekte: 329196
Fehler: 0
Objekte in Quarantäne: 0
Behandelte Objekte: 0
20131018 112008 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131018 112010 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688695
Objekte erkennen.
20131018 112011 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 121856 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131018 121905 Die Erkennungsdatenversion 4.93G (Detection Engine 3.47.3) wird verwendet. Diese Version kann 5688699
Objekte erkennen.
20131018 121905 Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 130137 Benutzer (Jenny\Robert) hat den On-Access-Scan auf diesem Computer abgebrochen.
20131018 130213 Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist deaktiviert.
20131018 132341 Benutzer (Jenny\Robert) hat den On-Access-Scan auf diesem Computer gestartet.
20131018 132419 Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist aktiviert.
(188 Objekte)
Page 4 of 4 Protokollreport 18.10.2013 13:27:40
Braucht Ihr noch weitere Log-Dateien? ( GMER.txt war zu groß, deshalb leider nur als ZIP angehängt) Danke für eure Unterstützung |
|
18.10.2013, 15:21
| #2 | |
| /// the machine /// TB-Ausbilder    | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Stick anklemmen, und dran lassen:
__________________Panda USB Vaccine - Download - Filepony Laufen lassen. Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
18.10.2013, 17:44
| #3 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Hallo Schrauber,
__________________vielen Dank für deine Hilfe. Hab alles so gemacht wie angewiesen. Es gab auch keine Komplikationen (keinerlei Fehlermeldung), es hat halt ein bisschen gedauert. Hier der Combofix Log-File Code:
ATTFilter ComboFix 13-10-16.02 - Robert 18.10.2013 16:34:36.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2937.990 [GMT 2:00]
ausgeführt von:: C:\Users\Robert\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\Users\Robert\AppData\Local\assembly\tmp
C:\Windows\system32\pt
C:\Windows\system32\pt\ThpProp.exe.mui
C:\Windows\system32\pt\ThpSrv.exe.mui
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_vpnagent
((((((((((((((((((((((( Dateien erstellt von 2013-09-18 bis 2013-10-18 ))))))))))))))))))))))))))))))
2013-10-18 14:51:12 . 2013-10-18 16:28:45 -------- d-----w- C:\Users\Robert\AppData\Local\temp
2013-10-18 14:51:12 . 2013-10-18 14:51:12 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-18 14:26:18 . 2013-10-18 14:26:18 -------- d-----w- C:\ProgramData\Panda Security
2013-10-18 14:26:13 . 2013-10-18 14:26:14 -------- d-----w- C:\Program Files\Panda USB Vaccine
2013-10-18 12:46:38 . 2013-10-18 12:46:38 -------- d-----w- C:\FRST
2013-10-18 12:41:09 . 2013-10-18 12:41:09 62576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{913A8336-B57F-42EE-8AE8-4CAED922EA64}\offreg.dll
2013-10-18 11:27:17 . 2013-10-14 06:39:45 7796464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{913A8336-B57F-42EE-8AE8-4CAED922EA64}\mpengine.dll
2013-10-16 08:45:22 . 2013-08-03 15:22:34 116187 --sha-w- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs
2013-10-10 17:25:07 . 2013-09-04 01:15:32 258560 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:52 76288 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:52 284672 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:45 43008 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:45 20480 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:43 24064 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-10-10 17:25:07 . 2013-09-04 01:14:40 6016 ----a-w- C:\Windows\system32\drivers\usbd.sys
2013-10-09 20:55:57 . 2013-07-04 11:57:28 205824 ----a-w- C:\Windows\system32\WebClnt.dll
2013-10-09 20:55:57 . 2013-07-04 11:51:04 81920 ----a-w- C:\Windows\system32\davclnt.dll
2013-10-09 20:55:56 . 2013-07-04 09:48:52 115712 ----a-w- C:\Windows\system32\drivers\mrxdav.sys
2013-10-09 20:55:17 . 2013-07-12 10:08:19 146816 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2013-10-09 20:55:17 . 2013-07-12 10:07:54 86016 ----a-w- C:\Windows\system32\drivers\usbcir.sys
2013-10-09 20:55:16 . 2013-06-25 22:56:40 527064 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-10-08 22:51:34 . 2012-03-30 08:15:38 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-10-08 22:51:34 . 2011-11-15 16:42:40 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 12:35:12 . 2011-11-15 16:38:11 238872 ------w- C:\Windows\system32\MpSigStub.exe
2013-08-05 01:56:47 . 2013-09-12 10:38:38 133056 ----a-w- C:\Windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 . 2013-09-12 10:31:24 169984 ----a-w- C:\Windows\system32\winsrv.dll
2013-08-02 01:49:19 . 2013-09-12 10:31:25 293376 ----a-w- C:\Windows\system32\KernelBase.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:24 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-12 10:31:22 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-12 10:31:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-12 10:31:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52:57 . 2013-09-12 10:31:24 271360 ----a-w- C:\Windows\system32\conhost.exe
2013-08-02 00:43:05 . 2013-09-12 10:31:22 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-12 10:31:22 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-12 10:31:22 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-12 10:31:22 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 . 2013-08-14 22:17:56 1620992 ----a-w- C:\Windows\system32\WMVDECOD.DLL
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2009-12-22 21:56:56 285504 ----a-w- C:\Program Files\TrueSuite\TrueSuite.FPLOlayIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 21:29:41 1174016]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2013-10-02 09:08:56 20472992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\Windows\system32\thpsrv" [X]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-12 23:24:58 421736]
"TWebCamera"="C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 10:37:52 2446648]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2009-03-29 11:47:56 184320]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 20:12:56 7625248]
"TOSDCR"="C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 10:30:10 169296]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 21:04:12 480608]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2009-03-09 14:51:46 55160]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 11:31:24 521528]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 16:57:00 738616]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 17:17:06 611672]
"Teco"="C:\Program Files\TOSHIBA\TECO\Teco.exe" [2009-08-26 17:00:06 1324384]
"TosWaitSrv"="C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-06 16:05:42 611672]
"ClientAppLogon"="C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2009-12-22 21:56:52 307008]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 13:51:02 118784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-11 18:26:32 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-11 18:26:26 171032]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-11 18:26:30 172568]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 15:46:10 1159168]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 09:26:54 114688]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 16:42:08 80840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 09:40:42 1387288]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 13:02:04 254696]
"Sophos AutoUpdate Monitor"="C:\Program Files\Sophos\AutoUpdate\almon.exe" [2013-06-04 15:06:13 929272]
"NWTRAY"="NWTRAY.EXE" [2012-03-27 15:32:38 34904]
"PDFPrint"="C:\Program Files\PDF24\pdf24.exe" [2013-03-20 11:55:48 162856]
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
tmxnftcqgr..vbs [2013-8-3 116187]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03:34 66328 ----a-w- c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 08:34:30 171680]
R2 swi_update;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [2013-06-04 15:05:16 1468920]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 21:29:03 62464]
R3 epmntdrv;epmntdrv;C:\Windows\system32\epmntdrv.sys [2011-07-29 12:54:56 14216]
R3 EuGdiDrv;EuGdiDrv;C:\Windows\system32\EuGdiDrv.sys [2011-07-29 12:54:56 8456]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 22:02:51 4231168]
R3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys [2012-10-20 10:39:20 33696]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 17:16:32 111960]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 16:04:56 685424]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 21:29:24 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 21:29:03 27264]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-12 23:24:41 1343400]
R4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys [2012-10-20 10:30:58 22536]
S0 NCFilter;Novell UNC Filter - Filter;C:\Windows\system32\DRIVERS\NCFilter.sys [2012-03-27 15:32:38 91736]
S0 NCRecognizer;Novell UNC Filter - Recognizer;C:\Windows\system32\DRIVERS\NCRecognizer.sys [2012-03-27 15:32:38 111192]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;C:\Windows\system32\DRIVERS\NCUncFilter.sys [2012-03-27 15:32:38 22616]
S0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys [2009-06-29 09:25:24 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 08:14:00 6528]
S1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys [2013-06-04 15:05:38 132424]
S1 SKMScan;SKMScan;C:\Windows\system32\DRIVERS\skmscan.sys [2013-06-04 15:05:32 33096]
S2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\atservice.exe [2009-12-22 21:41:54 1819968]
S2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2009-12-22 21:57:04 108352]
S2 NCFSD;Novell Client File System Redirector;C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2012-03-27 15:32:38 90712]
S2 NCIOCTL;Novell Xplat IoCtl Driver;C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2012-03-27 15:32:38 60504]
S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 10:23:26 90112]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2013-06-04 15:05:44 217592]
S2 SAVService;Sophos Anti-Virus;C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2013-06-04 15:05:20 159296]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 11:13:44 3064000]
S2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-10-20 10:37:28 357400]
S2 swi_service;Sophos Web Intelligence Service;C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2013-06-04 15:05:19 2890232]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-27 12:37:10 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 18:31:08 12920]
S2 XTSvcMgr;Novell XTier Service Manager;C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [2012-03-27 15:32:38 16984]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys [2009-09-24 00:30:28 659328]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y6232.sys [2010-04-07 22:04:04 223960]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 15:36:40 6755840]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 16:04:58 24064]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - WS2IFSL
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
Inhalt des "geplante Tasks" Ordners
2013-10-18 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:15:38 . 2013-10-08 22:51:35]
------- Zusätzlicher Suchlauf -------
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 10.2.0.1 10.2.0.2
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/
FF - prefs.js: network.proxy.http - 91.228.53.28
FF - prefs.js: network.proxy.http_port - 8089
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-24 22:21; admin@proxy-listen.de; C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\extensions\admin@proxy-listen.de.xpi
FF - ExtSQL: 2013-09-24 22:27; foxyproxy@eric.h.jung; C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\extensions\foxyproxy@eric.h.jung
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-Wdf01000.sys
AddRemove-TOSHIBA Software Modem - C:\Windows\agrsmdel
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5984)
C:\Users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
C:\Program Files\TrueSuite\TrueSuite.FPLOlayIcon.dll
C:\Windows\system32\NETWIN32.DLL
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll
Also, wie gesagt danke schon mal. Hoffe das Log-file erzählt keine all zu schlimmen geschichten!? |
|
19.10.2013, 08:00
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Nee geht  Bei MBAM jetzt bitte Stick auch mitscannen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2013, 09:22
| #5 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Ich weiß gar nicht was ich noch sagen soll. Schrauber, ohne dich wäre ich echt aufgeschmissen! Vielen Dank! MBAM hat keine Ergebnisse gefunden, dementsprechend habe ich auch nichts entfernt: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.19.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16721 Robert :: JENNY [Administrator] 19.10.2013 09:45:03 mbam-log-2013-10-19 (09-45-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P Durchsuchte Objekte: 220074 Laufzeit: 3 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.008 - Bericht erstellt am 19/10/2013 um 09:56:21
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Robert - JENNY
# Gestartet von : C:\Users\Robert\Desktop\adwcleaner_3.0.0.8.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Robert\AppData\LocalLow\boost_interprocess
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.23.0.5,DivXWebPlayer%40divx.com:2.0.2.039,%7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145,%7B8AA36F4F-6DC7-4c06-77AF-503517[...]
*************************
AdwCleaner[R0].txt - [2214 octets] - [19/10/2013 09:54:57]
AdwCleaner[S0].txt - [2137 octets] - [19/10/2013 09:56:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2197 octets] ##########
JRT-Log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x86
Ran by Robert on 19.10.2013 at 10:06:51,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Robert\appdata\local\{9CBFDB94-A98D-44B2-8CAD-2FE7B795A0D9}
Successfully deleted: [Empty Folder] C:\Users\Robert\appdata\local\{A329F523-8E79-45CF-9185-FDF47245F5A5}
~~~ FireFox
Emptied folder: C:\Users\Robert\AppData\Roaming\mozilla\firefox\profiles\6vf0vtng.default\minidumps [236 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2013 at 10:09:41,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Robert (administrator) on JENNY on 19-10-2013 10:14:04
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\TOSHIBA\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-19 10:09 - 2013-10-19 10:09 - 00001292 _____ C:\Users\Robert\Desktop\JRT.txt
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 10:03 - 2013-10-19 10:03 - 01033335 _____ (Thisisu) C:\Users\Robert\Desktop\JRT.exe
2013-10-19 10:00 - 2013-10-19 10:00 - 00002277 _____ C:\Users\Robert\Desktop\AdwCleaner[S0].txt
2013-10-19 09:54 - 2013-10-19 09:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:52 - 2013-10-19 09:52 - 01050644 _____ C:\Users\Robert\Desktop\adwcleaner_3.0.0.8.exe
2013-10-19 09:40 - 2013-10-19 09:40 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 16:32 - 2013-10-18 18:34 - 00000000 ____D C:\ComboFix
2013-10-18 16:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-18 16:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-18 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-18 16:29 - 2013-10-18 18:34 - 00000000 ____D C:\Qoobox
2013-10-18 16:28 - 2013-10-18 18:31 - 00000000 ____D C:\Windows\erdnt
2013-10-18 16:28 - 2013-10-18 16:28 - 05134711 ____R (Swearware) C:\Users\Robert\Desktop\ComboFix.exe
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 16:11 - 2013-10-18 19:46 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:45 - 2013-10-18 14:45 - 01087213 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-10 19:25 - 2013-09-04 03:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:26 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:26 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:25 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:56 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:56 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:56 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 22:56 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:56 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:56 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:56 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:56 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:56 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:56 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:56 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:56 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:56 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:56 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 22:56 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 22:56 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 22:55 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 22:55 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:55 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:55 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:55 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:55 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-19 20:50 - 2013-09-19 20:50 - 00000000 ____D C:\Users\Robert\Desktop\CAF
2013-09-19 01:09 - 2013-09-19 01:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-19 10:09 - 2013-10-19 10:09 - 00001292 _____ C:\Users\Robert\Desktop\JRT.txt
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 10:06 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:06 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:04 - 2011-11-16 17:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-19 10:03 - 2013-10-19 10:03 - 01033335 _____ (Thisisu) C:\Users\Robert\Desktop\JRT.exe
2013-10-19 10:02 - 2011-11-16 17:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-19 10:00 - 2013-10-19 10:00 - 00002277 _____ C:\Users\Robert\Desktop\AdwCleaner[S0].txt
2013-10-19 09:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 09:58 - 2009-07-14 06:39 - 00109544 _____ C:\Windows\setupact.log
2013-10-19 09:57 - 2011-11-15 18:21 - 01761777 _____ C:\Windows\WindowsUpdate.log
2013-10-19 09:56 - 2013-10-19 09:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:52 - 2013-10-19 09:52 - 01050644 _____ C:\Users\Robert\Desktop\adwcleaner_3.0.0.8.exe
2013-10-19 09:51 - 2012-07-22 14:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 09:40 - 2013-10-19 09:40 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2010-04-03 14:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-19 09:37 - 2010-11-20 23:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 19:46 - 2013-10-18 16:11 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 18:34 - 2013-10-18 16:32 - 00000000 ____D C:\ComboFix
2013-10-18 18:34 - 2013-10-18 16:29 - 00000000 ____D C:\Qoobox
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-18 18:31 - 2013-10-18 16:28 - 00000000 ____D C:\Windows\erdnt
2013-10-18 18:28 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 18:13 - 2010-11-20 23:48 - 00095560 _____ C:\Windows\PFRO.log
2013-10-18 17:32 - 2009-07-14 04:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 16:28 - 2013-10-18 16:28 - 05134711 ____R (Swearware) C:\Users\Robert\Desktop\ComboFix.exe
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:45 - 2013-10-18 14:45 - 01087213 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-18 14:41 - 2011-11-15 18:31 - 00000000 ____D C:\Users\Robert
2013-10-12 13:11 - 2011-11-16 17:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 13:11 - 2009-08-14 12:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 12:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:21 - 2009-07-14 06:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 10:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 00:33 - 2011-11-16 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:30 - 2013-07-20 19:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 00:28 - 2011-11-17 22:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 00:27 - 2010-11-21 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:51 - 2012-03-30 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:51 - 2011-11-15 18:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-30 15:51 - 2013-07-02 19:27 - 00000000 ____D C:\Users\Robert\Desktop\Kurse Paris
2013-09-24 22:32 - 2011-11-16 17:38 - 00017408 _____ C:\Users\Robert\AppData\Local\WebpageIcons.db
2013-09-23 01:28 - 2013-10-10 00:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-10 00:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 01:27 - 2013-10-10 00:25 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-21 05:30 - 2013-10-10 00:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-10 00:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-19 20:50 - 2013-09-19 20:50 - 00000000 ____D C:\Users\Robert\Desktop\CAF
2013-09-19 18:08 - 2012-05-14 14:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 13:25 - 2011-11-16 15:57 - 00000000 ____D C:\Users\Robert\AppData\Local\Mozilla
2013-09-19 01:09 - 2013-09-19 01:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
Files to move or delete:
====================
C:\ProgramData\hpe9E43.dll
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-11 12:09
==================== End Of Log ============================
|
|
19.10.2013, 14:59
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändertESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert |
|
20.10.2013, 18:30
| #7 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert GROSSARTIG!!! Mit dem Stick kann ich wieder ganz normal arbeiten. ESET-log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5d3ade9e35bba54f92b370f1c16ead05
# engine=15554
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-20 04:53:28
# local_time=2013-10-20 06:53:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 117840 133919199 0 0
# compatibility_mode=8450 16777213 85 98 21373 31559028 0 0
# scanned=413175
# found=1
# cleaned=0
# scan_time=18988
sh=12820159BBE612A7F39795E2B6233955AE1B299E ft=0 fh=0000000000000000 vn="VBS/Kryptik.R trojan" ac=I fn="C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs"
Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 35 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (24.0) Mozilla Thunderbird (17.0.8) ````````Process Check: objlist.exe by Laurent```````` Sophos Sophos Anti-Virus SavService.exe Sophos Sophos Anti-Virus SAVAdminService.exe Sophos Sophos Anti-Virus Web Control swc_service.exe Sophos Sophos Anti-Virus Web Intelligence swi_service.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by Robert (administrator) on JENNY on 20-10-2013 19:09:21
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\TOSHIBA\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-20 19:08 - 2013-10-20 19:08 - 01087515 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-20 19:05 - 2013-10-20 19:05 - 00001138 _____ C:\Users\Robert\Desktop\sec_checkup.txt
2013-10-20 13:32 - 2013-10-20 13:32 - 00891167 _____ C:\Users\Robert\Desktop\SecurityCheck.exe
2013-10-20 13:30 - 2013-10-20 13:29 - 02347384 _____ (ESET) C:\Users\Robert\Desktop\esetsmartinstaller_enu.exe
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 10:03 - 2013-10-19 10:03 - 01033335 _____ (Thisisu) C:\Users\Robert\Desktop\JRT.exe
2013-10-19 09:54 - 2013-10-19 09:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:52 - 2013-10-19 09:52 - 01050644 _____ C:\Users\Robert\Desktop\adwcleaner_3.0.0.8.exe
2013-10-19 09:40 - 2013-10-19 09:40 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 16:32 - 2013-10-18 18:34 - 00000000 ____D C:\ComboFix
2013-10-18 16:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-18 16:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-18 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-18 16:29 - 2013-10-18 18:34 - 00000000 ____D C:\Qoobox
2013-10-18 16:28 - 2013-10-18 18:31 - 00000000 ____D C:\Windows\erdnt
2013-10-18 16:28 - 2013-10-18 16:28 - 05134711 ____R (Swearware) C:\Users\Robert\Desktop\ComboFix.exe
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 16:11 - 2013-10-19 10:25 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-10 19:25 - 2013-09-04 03:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:26 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:26 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:25 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:56 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:56 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:56 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 22:56 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:56 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:56 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:56 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:56 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:56 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:56 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:56 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:56 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:56 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:56 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 22:56 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 22:56 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 22:55 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 22:55 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:55 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:55 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:55 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:55 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
==================== One Month Modified Files and Folders =======
2013-10-20 19:08 - 2013-10-20 19:08 - 01087515 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-20 19:08 - 2011-11-16 17:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-20 19:05 - 2013-10-20 19:05 - 00001138 _____ C:\Users\Robert\Desktop\sec_checkup.txt
2013-10-20 18:51 - 2012-07-22 14:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-20 18:18 - 2011-11-15 18:21 - 01867732 _____ C:\Windows\WindowsUpdate.log
2013-10-20 17:27 - 2011-11-16 17:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-20 15:34 - 2010-11-20 23:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 13:32 - 2013-10-20 13:32 - 00891167 _____ C:\Users\Robert\Desktop\SecurityCheck.exe
2013-10-20 13:29 - 2013-10-20 13:30 - 02347384 _____ (ESET) C:\Users\Robert\Desktop\esetsmartinstaller_enu.exe
2013-10-20 09:58 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:58 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:51 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 09:51 - 2009-07-14 06:39 - 00109600 _____ C:\Windows\setupact.log
2013-10-19 10:36 - 2013-09-16 14:00 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-19 10:25 - 2013-10-18 16:11 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 10:03 - 2013-10-19 10:03 - 01033335 _____ (Thisisu) C:\Users\Robert\Desktop\JRT.exe
2013-10-19 09:56 - 2013-10-19 09:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:52 - 2013-10-19 09:52 - 01050644 _____ C:\Users\Robert\Desktop\adwcleaner_3.0.0.8.exe
2013-10-19 09:40 - 2013-10-19 09:40 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2010-04-03 14:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 18:34 - 2013-10-18 16:32 - 00000000 ____D C:\ComboFix
2013-10-18 18:34 - 2013-10-18 16:29 - 00000000 ____D C:\Qoobox
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-18 18:31 - 2013-10-18 16:28 - 00000000 ____D C:\Windows\erdnt
2013-10-18 18:28 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 18:13 - 2010-11-20 23:48 - 00095560 _____ C:\Windows\PFRO.log
2013-10-18 17:32 - 2009-07-14 04:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 16:28 - 2013-10-18 16:28 - 05134711 ____R (Swearware) C:\Users\Robert\Desktop\ComboFix.exe
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-18 14:41 - 2011-11-15 18:31 - 00000000 ____D C:\Users\Robert
2013-10-12 13:11 - 2011-11-16 17:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 13:11 - 2009-08-14 12:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 12:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:21 - 2009-07-14 06:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 10:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 00:33 - 2011-11-16 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:30 - 2013-07-20 19:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 00:28 - 2011-11-17 22:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 00:27 - 2010-11-21 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:51 - 2012-03-30 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:51 - 2011-11-15 18:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-30 15:51 - 2013-07-02 19:27 - 00000000 ____D C:\Users\Robert\Desktop\Kurse Paris
2013-09-24 22:32 - 2011-11-16 17:38 - 00017408 _____ C:\Users\Robert\AppData\Local\WebpageIcons.db
2013-09-23 01:28 - 2013-10-10 00:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-10 00:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 01:27 - 2013-10-10 00:25 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-21 05:30 - 2013-10-10 00:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-10 00:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
Files to move or delete:
====================
C:\ProgramData\hpe9E43.dll
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-11 12:09
==================== End Of Log ============================
Heißt das, dass mein Rechner wieder komplett clean ist? Sollte ich vorsichtshalber alle Passwörter etc. ändern, weil das evtl. ausgespäht wurde oder war das ganze weniger bedenklich? Was sollte ich in Zukunft für Vorsichtsmaßnahmen ergreifen? Wäre da über jeden Tipp dankbar! Sollte ich zusätzlich zu Sophos noch etwas installieren? Oder ist Sophos generell nicht so gut und ich sollte es ersetzten? Schrauber ich danke dir vielmals! |
|
21.10.2013, 08:02
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Java und Adobe updaten. Rest machen wir gleich, erst noch nen Fix. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.10.2013, 14:09
| #9 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Der Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by Robert at 2013-10-21 15:07:23 Run:1
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs ()
*****************
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs => Moved successfully.
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE => Moved successfully.
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmxnftcqgr..vbs not found.
==== End of Fixlog ====
|
|
22.10.2013, 07:22
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.10.2013, 10:53
| #11 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Nein Keine Probleme mehr! Vielen Dank! Kann ich Trojaner-board irgendwie unterstützen? Bin echt begeistert!!! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by Robert (administrator) on JENNY on 22-10-2013 11:50:46
Running from C:\Users\Robert\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\atservice.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TouchED\TouchED.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Windows\System32\nwtray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Dropbox, Inc.) C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\FRST\Quarantine\ONENOTEM.EXE
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [307008 2009-12-22] (AuthenTec, Inc.)
HKLM\...\Run: [TouchED] - C:\Program Files\TOSHIBA\TouchED\TouchED.exe [118784 2005-09-01] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-06-04] (Sophos Limited)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [34904 2012-03-27] ()
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-06-04] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\FRST\Quarantine\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A10DF2B4A3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {55FAF0F2-44D4-425f-B5F5-6B275B621EAB} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.2.0.1 10.2.0.2
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default
FF Homepage: hxxp://www.zeit.de/
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DeviceDetection@logitech.com
FF Extension: FoxyProxy Basic - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\foxyproxy@eric.h.jung
FF Extension: YouTube Unblocker - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: admin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: DivXWebPlayer - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6vf0vtng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Log On - C:\Program Files\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
========================== Services (Whitelisted) =================
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\atservice.exe [1819968 2009-12-22] (AuthenTec, Inc.)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [108352 2009-12-22] (AuthenTec, Inc)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-04] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-04] (Sophos Limited)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-04] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-10-20] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-04] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1468920 2013-06-04] (Sophos Limited)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2012-03-27] (Novell, Inc.)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91736 2012-03-27] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [90712 2012-03-27] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [60504 2012-03-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111192 2012-03-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2012-03-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2012-03-27] (Novell, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-06-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2012-10-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-06-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2012-10-20] (Sophos Plc)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65112 2012-03-27] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64088 2012-03-27] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41048 2012-03-27] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18520 2012-03-27] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66136 2012-03-27] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30808 2012-03-27] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45656 2012-03-27] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [27224 2012-03-27] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22104 2012-03-27] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28760 2012-03-27] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45144 2012-03-27] (Novell, Inc.)
S3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-22 11:50 - 2013-10-22 11:50 - 01087503 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-21 16:26 - 2013-10-21 16:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 14:51 - 2013-10-21 14:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 14:50 - 2013-10-21 14:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 09:54 - 2013-10-19 09:56 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 16:32 - 2013-10-18 18:34 - 00000000 ____D C:\ComboFix
2013-10-18 16:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-18 16:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-18 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-18 16:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-18 16:29 - 2013-10-18 18:34 - 00000000 ____D C:\Qoobox
2013-10-18 16:28 - 2013-10-18 18:31 - 00000000 ____D C:\Windows\erdnt
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 16:11 - 2013-10-22 11:39 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-10 19:25 - 2013-09-04 03:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 19:25 - 2013-09-04 03:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:26 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:26 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:26 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:26 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:25 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:56 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:56 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:56 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:56 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 22:56 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:56 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:56 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:56 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:56 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:56 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:56 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:56 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:56 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:56 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:56 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:56 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 22:56 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 22:56 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 22:56 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 22:55 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 22:55 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:55 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:55 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:55 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:55 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
==================== One Month Modified Files and Folders =======
2013-10-22 11:51 - 2012-07-22 14:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 11:50 - 2013-10-22 11:50 - 01087503 _____ (Farbar) C:\Users\Robert\Desktop\FRST.exe
2013-10-22 11:43 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 11:43 - 2009-07-14 06:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 11:40 - 2011-11-16 17:22 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2013-10-22 11:40 - 2011-11-16 17:05 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-10-22 11:39 - 2013-10-18 16:11 - 00000000 ____D C:\Users\Robert\Desktop\Trojaner
2013-10-22 11:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 11:34 - 2012-05-14 14:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 11:34 - 2010-11-20 23:48 - 00096752 _____ C:\Windows\PFRO.log
2013-10-22 11:34 - 2009-07-14 06:39 - 00109712 _____ C:\Windows\setupact.log
2013-10-21 21:27 - 2011-11-15 18:21 - 01945772 _____ C:\Windows\WindowsUpdate.log
2013-10-21 20:17 - 2013-04-11 18:41 - 00000000 ____D C:\Users\Robert\Desktop\entwickeln
2013-10-21 16:27 - 2013-10-21 16:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-21 14:51 - 2013-10-21 14:51 - 00000000 ____D C:\ProgramData\Oracle
2013-10-21 14:50 - 2013-10-21 14:50 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 14:50 - 2013-10-21 14:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 14:50 - 2008-07-21 14:43 - 00000000 ____D C:\Program Files\Java
2013-10-20 15:34 - 2010-11-20 23:01 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 09:56 - 2013-10-19 09:54 - 00000000 ____D C:\AdwCleaner
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Malwarebytes
2013-10-19 09:40 - 2013-10-19 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 09:40 - 2010-04-03 14:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-18 18:34 - 2013-10-18 18:34 - 00020802 _____ C:\ComboFix.txt
2013-10-18 18:34 - 2013-10-18 16:32 - 00000000 ____D C:\ComboFix
2013-10-18 18:34 - 2013-10-18 16:29 - 00000000 ____D C:\Qoobox
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-18 18:34 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-18 18:31 - 2013-10-18 16:28 - 00000000 ____D C:\Windows\erdnt
2013-10-18 18:28 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-18 17:32 - 2009-07-14 04:03 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 15990784 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-18 17:32 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-10-18 16:26 - 2013-10-18 16:26 - 00000000 ____D C:\Program Files\Panda USB Vaccine
2013-10-18 14:46 - 2013-10-18 14:46 - 00000000 ____D C:\FRST
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 _____ C:\Users\Robert\defogger_reenable
2013-10-18 14:41 - 2011-11-15 18:31 - 00000000 ____D C:\Users\Robert
2013-10-12 13:11 - 2011-11-16 17:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 13:11 - 2009-08-14 12:32 - 00000000 ___RD C:\Program Files\Skype
2013-10-11 12:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-10 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:21 - 2009-07-14 06:33 - 00366296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 10:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 00:33 - 2011-11-16 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 00:30 - 2013-07-20 19:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 00:28 - 2011-11-17 22:25 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 00:27 - 2010-11-21 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:51 - 2012-03-30 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:51 - 2011-11-15 18:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 20:14 - 2013-10-07 20:14 - 00000000 ____D C:\Users\Robert\Desktop\Der Pate 3
2013-09-30 15:51 - 2013-07-02 19:27 - 00000000 ____D C:\Users\Robert\Desktop\Kurse Paris
2013-09-24 22:32 - 2011-11-16 17:38 - 00017408 _____ C:\Users\Robert\AppData\Local\WebpageIcons.db
2013-09-23 01:28 - 2013-10-10 00:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-10 00:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-10 00:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 00:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 01:27 - 2013-10-10 00:25 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
Files to move or delete:
====================
C:\ProgramData\hpe9E43.dll
Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Robert\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-21 16:48
==================== End Of Log ============================
|
|
22.10.2013, 17:04
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Du kannst was Spenden wenn du magst Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.10.2013, 17:16
| #13 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Der abschließende Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2013
Ran by Robert at 2013-10-22 18:13:20 Run:2
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 8089
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
*****************
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
==== End of Fixlog ====
|
|
23.10.2013, 07:09
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert fertig
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.10.2013, 15:36
| #15 |
| | Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert Wunderbar! Eine letzte Frage noch: muss ich mein Online-Banking und andere wichtige Accounts überprüfen, weil es sein könnte, dass ich ausgespäht worden bin? Mit deinen Tips hoffe ich, dass ich in Zukunft nicht mehr auf eure Hilfe angewiesen bin! Und nochmals vielen, vielen Dank für Deine Hilfe Schrauber, weiß nicht, was ich sonst gemacht hätte! Beste Grüße Robertus |
|
| Themen zu Windows 7: Datein auf USB-Stick werden ungewollt zu Verknüpfungen verändert |
| 4d36e972-e325-11ce-bfc1-08002be10318, bonjour, browser, computer, defender, desktop, error, farbar, farbar recovery scan tool, firefox, flash player, homepage, kurse, log-datei, monitor, mozilla, plug-in, problem, programm, realtek, registry, scan, security, services.exe, software, svchost.exe, tracker, u.s./worldwide, vbs/kryptik.r, windows |
Linear-Darstellung
