Malware of all kinds and how to combat it: Son has infected PC with bonanzaAds (Windows 7)
03.12.2013, 10:09 | #1 |
Hello,

my son has got his PC infected with duplicate advertising and links (ads) that keep getting inserted into web pages in Firefox. We ran Disinfect from c't, and later CCleaner and also adwcleaner, and got rid of part of it. Today we wanted to run the check here. Defogger still worked, but FRST warns against use on a 32-bit x64 machine. That is the kind of machine (Medion) we have. What can we do? Otherwise we cannot work through the items on the checklist.

Thanks
buenoDad
03.12.2013, 10:12 | #2 |
/// the machine /// TB-Ausbilder

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.12.2013, 11:02 | #3 |
We downloaded both FRST versions. Only FRST.exe runs.

The computer is an: Intel Core2CPU, 6400, @2.1 GHz 32-bit, x64-based processor. So FRST.exe should be the one to use. But right on the start screen they warn against using it on x64 machines (this version will not be compatible with x64 systems). What to do? Run it anyway?

Thanks
buenoDad

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013
Ran by Jo (administrator) on MORUK_WIN8 on 03-12-2013 10:53:33
Running from C:\Users\Jo\Desktop
Microsoft Windows 8 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Megaify Software Co., Ltd.) C:\Program Files\DriverToolkit\DriverToolkit.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Users\Jo\Desktop\Defogger.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [USB2Check] - RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [USBToolTip] - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [202312 2006-10-16] (Pinnacle Systems GmbH)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\t6qzna1v.default-1382526775413
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\t6qzna1v.default-1382526775413\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137208 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx86.sys [43344 2013-11-16] ()
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [48128 2012-06-02] (VIA Technologies, Inc. )
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\drivers\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NuidFltr; C:\Windows\System32\drivers\NuidFltr.sys [16768 2011-04-08] (Microsoft Corporation)
R3 pepifilter; C:\Windows\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
R3 PID_PEPI; C:\Windows\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 PinnacleMarvinAVS; C:\Windows\system32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-09-04] (Avira GmbH)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 10:53 - 2013-12-03 10:53 - 00008308 _____ C:\Users\Jo\Desktop\FRST.txt
2013-12-03 10:52 - 2013-12-03 10:52 - 00000000 ____D C:\FRST
2013-12-03 10:16 - 2013-12-03 10:16 - 01092389 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe
2013-12-03 10:12 - 2013-12-03 10:12 - 00377856 _____ C:\Users\Jo\Downloads\y6o9x316.exe
2013-12-03 09:55 - 2013-12-03 09:56 - 00000466 _____ C:\Users\Jo\Desktop\defogger_disable.log
2013-12-03 09:55 - 2013-12-03 09:55 - 00000000 _____ C:\Users\Jo\defogger_reenable
2013-12-03 09:54 - 2013-12-03 09:54 - 00050477 _____ C:\Users\Jo\Desktop\Defogger.exe
2013-12-03 09:37 - 2013-12-03 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jo\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 09:37 - 2013-12-03 09:37 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-03 09:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 09:33 - 2013-12-03 09:33 - 00001749 _____ C:\Users\Jo\Desktop\Fixlist.txt
2013-12-03 09:25 - 2013-12-03 09:26 - 00000000 ____D C:\AdwCleaner
2013-12-03 09:24 - 2013-12-03 09:24 - 01110034 _____ C:\Users\Jo\Desktop\adwcleaner.exe
2013-12-02 12:13 - 2013-12-02 12:13 - 01635393 _____ C:\Users\Jo\Downloads\wlan_xg602.exe
2013-12-02 12:12 - 2013-12-02 12:12 - 01570500 _____ C:\Users\Jo\Downloads\wlanwid2000winxp.exe
2013-12-02 12:06 - 2013-12-02 12:06 - 04894616 _____ (Hewlett-Packard Company ) C:\Users\Jo\Downloads\sp45112.exe
2013-12-02 12:00 - 2013-12-02 12:00 - 00269613 _____ (Medion AG) C:\Users\Jo\Downloads\wlan_rt257xusb(vista).exe
2013-12-02 11:56 - 2013-12-03 09:27 - 00065584 _____ C:\Windows\WindowsUpdate.log
2013-12-01 16:41 - 2013-12-01 16:41 - 00763904 _____ C:\Users\Jo\Desktop\BBC Sherlock - Anderson, nicht laut reden.mpg
2013-12-01 16:38 - 2013-12-01 16:39 - 02557952 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.mpg
2013-12-01 16:38 - 2013-12-01 16:38 - 01197749 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.flv
2013-12-01 16:37 - 2013-12-01 16:37 - 01101232 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.mp4
2013-12-01 15:54 - 2013-12-01 15:55 - 30280003 _____ C:\Users\Jo\Desktop\Sherlock Holmes Kampfszene Deutsch.failed-conv.mp4
2013-12-01 15:32 - 2013-12-01 15:34 - 46237504 _____ C:\Users\Jo\Desktop\Sherlock Holmes Kampfszene Deutsch.failed-conv.flv
2013-12-01 12:14 - 2013-12-01 12:14 - 12477064 _____ C:\Users\Jo\Desktop\NEX1.psd
2013-11-30 20:13 - 2013-12-03 09:49 - 00001686 _____ C:\Windows\PFRO.log
2013-11-30 20:09 - 2013-11-30 20:10 - 00065100 _____ C:\Users\Jo\Desktop\cc_20131130_200905.reg
2013-11-30 19:58 - 2013-11-30 20:04 - 00000000 ____D C:\Program Files\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Users\Jo\AppData\Roaming\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-11-30 19:58 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-11-30 19:50 - 2013-11-30 19:54 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-11-30 19:50 - 2013-11-30 19:50 - 00001005 _____ C:\Users\Jo\Desktop\Free Window Registry Repair.lnk
2013-11-30 19:50 - 2013-11-30 19:50 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2013-11-21 20:18 - 2013-11-21 20:20 - 41174438 _____ C:\Users\Jo\Desktop\ASSASSIN_S CREED 4 SONG - Beneath The Black Flag.failed-conv.flv
2013-11-19 17:32 - 2013-11-19 17:32 - 00000000 ____D C:\Windows\LastGood
2013-11-17 13:52 - 2013-11-17 13:52 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-11-17 13:19 - 2013-11-30 20:08 - 00000000 ____D C:\Windows\Minidump
2013-11-17 12:24 - 2013-11-30 20:13 - 00522312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-16 20:53 - 2013-12-03 09:49 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2013-11-16 20:26 - 2004-09-24 01:25 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2013-11-16 20:26 - 2003-03-19 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2013-11-16 20:26 - 2002-07-26 17:02 - 00153088 _____ C:\Program Files\UNWISE.EXE
2013-11-16 20:25 - 2013-11-17 13:52 - 00000000 ____D C:\Program Files\Pinnacle
2013-11-16 20:25 - 2013-11-16 20:25 - 00000000 ____D C:\Users\Jo\AppData\Local\Downloaded Installations
2013-11-16 20:25 - 2007-05-09 09:36 - 00434176 _____ (Pinnacle a division of Avid Technology, Inc.) C:\Windows\system32\Drivers\MarvinAVS.sys
2013-11-16 20:25 - 2007-02-20 13:09 - 00081920 _____ (Pinnacle Systems) C:\Windows\system32\PCLECoInst.dll
2013-11-16 20:25 - 2006-05-09 09:24 - 00200704 _____ (Pinnacle Systems) C:\Windows\system32\MarvinUsb.ax
2013-11-16 20:24 - 2013-11-16 20:24 - 06766520 _____ (Pinnacle Systems ) C:\Users\Jo\Downloads\PCLEUSB2x32.exe
2013-11-16 20:17 - 2013-11-16 20:17 - 00001029 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Users\Jo\AppData\Local\DriverToolkit
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Program Files\DriverToolkit
2013-11-16 20:16 - 2013-11-16 20:16 - 02241694 _____ (Megaify Software ) C:\Users\Jo\Downloads\driver_setup.exe
2013-11-16 20:05 - 2013-11-16 20:05 - 01908225 _____ C:\Users\Jo\Downloads\nw_28186_virtualdubzip.zip
2013-11-16 19:53 - 2013-11-16 19:53 - 00043344 _____ C:\Windows\system32\Drivers\debutfilterx86.sys
2013-11-16 19:53 - 2013-11-16 19:53 - 00001088 _____ C:\Users\Public\Desktop\Debut Videorekorder.lnk
2013-11-16 19:42 - 2013-11-16 19:42 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-11-16 18:06 - 2013-11-16 18:06 - 04182178 _____ (The Public) C:\Users\Jo\Downloads\avisynth_258.exe
2013-11-16 08:28 - 2013-11-16 08:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 15:00 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-15 15:00 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 17:25 - 2013-11-16 18:40 - 00000000 ____D C:\ProgramData\PMS
2013-11-14 17:12 - 2013-11-14 17:12 - 05205145 _____ C:\Users\Jo\Downloads\pms-1.90.1-setup-full.zip.part
2013-11-14 13:02 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:01 - 2013-10-10 11:07 - 00038744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-14 13:01 - 2013-10-10 10:29 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:01 - 2013-10-10 10:28 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-14 13:01 - 2013-10-03 00:41 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:01 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:01 - 2013-09-13 23:58 - 00052656 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 13:01 - 2013-09-13 23:36 - 02600448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 13:01 - 2013-08-30 01:44 - 00054104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 13:01 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 13:01 - 2013-08-21 05:28 - 00407384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 13:01 - 2013-08-10 06:24 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 13:01 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 13:01 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 13:01 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 13:00 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:00 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 12:59 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 12:59 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 12:59 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-03 19:13 - 2013-11-03 19:16 - 47093932 _____ C:\Users\Jo\Desktop\Milky Chance - Down by the River.failed-conv.flv
2013-11-03 18:25 - 2013-11-03 18:28 - 24723199 _____ C:\Users\Jo\Desktop\Milky Chance - Stolen Dance (LYRICS).failed-conv.flv
2013-11-03 18:07 - 2013-11-03 18:10 - 24723199 _____ C:\Users\Jo\Desktop\Milky Chance - Stolen Dance (LYRICS).flv

==================== One Month Modified Files and Folders =======

2013-12-03 10:53 - 2013-12-03 10:53 - 00008308 _____ C:\Users\Jo\Desktop\FRST.txt
2013-12-03 10:52 - 2013-12-03 10:52 - 00000000 ____D C:\FRST
2013-12-03 10:51 - 2013-09-06 17:50 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype
2013-12-03 10:39 - 2013-09-07 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 10:16 - 2013-12-03 10:16 - 01092389 _____ (Farbar) C:\Users\Jo\Desktop\FRST.exe
2013-12-03 10:12 - 2013-12-03 10:12 - 00377856 _____ C:\Users\Jo\Downloads\y6o9x316.exe
2013-12-03 10:00 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\sru
2013-12-03 09:56 - 2013-12-03 09:55 - 00000466 _____ C:\Users\Jo\Desktop\defogger_disable.log
2013-12-03 09:55 - 2013-12-03 09:55 - 00000000 _____ C:\Users\Jo\defogger_reenable
2013-12-03 09:55 - 2013-09-04 07:48 - 00000000 ____D C:\Users\Jo
2013-12-03 09:54 - 2013-12-03 09:54 - 00050477 _____ C:\Users\Jo\Desktop\Defogger.exe
2013-12-03 09:49 - 2013-11-30 20:13 - 00001686 _____ C:\Windows\PFRO.log
2013-12-03 09:49 - 2013-11-16 20:53 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2013-12-03 09:49 - 2012-07-26 07:53 - 00000000 ___RD C:\Windows\DesktopTileResources
2013-12-03 09:49 - 2012-07-26 07:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 09:48 - 2012-07-26 05:17 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-03 09:37 - 2013-12-03 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jo\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 09:37 - 2013-12-03 09:37 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-03 09:33 - 2013-12-03 09:33 - 00001749 _____ C:\Users\Jo\Desktop\Fixlist.txt
2013-12-03 09:27 - 2013-12-02 11:56 - 00065584 _____ C:\Windows\WindowsUpdate.log
2013-12-03 09:26 - 2013-12-03 09:25 - 00000000 ____D C:\AdwCleaner
2013-12-03 09:26 - 2013-10-23 08:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-12-03 09:26 - 2013-09-04 07:49 - 00001146 _____ C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 09:24 - 2013-12-03 09:24 - 01110034 _____ C:\Users\Jo\Desktop\adwcleaner.exe
2013-12-03 09:21 - 2013-09-04 15:47 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-02 18:19 - 2013-09-04 07:44 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 12:22 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-02 12:13 - 2013-12-02 12:13 - 01635393 _____ C:\Users\Jo\Downloads\wlan_xg602.exe
2013-12-02 12:13 - 2013-09-06 16:28 - 00000000 ____D C:\Medion
2013-12-02 12:12 - 2013-12-02 12:12 - 01570500 _____ C:\Users\Jo\Downloads\wlanwid2000winxp.exe
2013-12-02 12:06 - 2013-12-02 12:06 - 04894616 _____ (Hewlett-Packard Company ) C:\Users\Jo\Downloads\sp45112.exe
2013-12-02 12:00 - 2013-12-02 12:00 - 00269613 _____ (Medion AG) C:\Users\Jo\Downloads\wlan_rt257xusb(vista).exe
2013-12-02 11:56 - 2013-09-06 17:50 - 00000000 ___RD C:\Program Files\Skype
2013-12-02 11:56 - 2013-09-06 17:50 - 00000000 ____D C:\ProgramData\Skype
2013-12-01 17:22 - 2013-09-13 16:04 - 01486848 ___SH C:\Users\Jo\Desktop\Thumbs.db
2013-12-01 16:54 - 2013-09-04 16:06 - 00000000 ____D C:\Users\Jo\AppData\Roaming\vlc
2013-12-01 16:41 - 2013-12-01 16:41 - 00763904 _____ C:\Users\Jo\Desktop\BBC Sherlock - Anderson, nicht laut reden.mpg
2013-12-01 16:39 - 2013-12-01 16:38 - 02557952 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.mpg
2013-12-01 16:38 - 2013-12-01 16:38 - 01197749 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.flv
2013-12-01 16:37 - 2013-12-01 16:37 - 01101232 _____ C:\Users\Jo\Desktop\BBC Sherlock - Andersons Gesicht stört.mp4
2013-12-01 15:55 - 2013-12-01 15:54 - 30280003 _____ C:\Users\Jo\Desktop\Sherlock Holmes Kampfszene Deutsch.failed-conv.mp4
2013-12-01 15:34 - 2013-12-01 15:32 - 46237504 _____ C:\Users\Jo\Desktop\Sherlock Holmes Kampfszene Deutsch.failed-conv.flv
2013-12-01 14:48 - 2013-09-04 07:49 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Adobe
2013-12-01 12:14 - 2013-12-01 12:14 - 12477064 _____ C:\Users\Jo\Desktop\NEX1.psd
2013-11-30 20:13 - 2013-11-17 12:24 - 00522312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-30 20:10 - 2013-11-30 20:09 - 00065100 _____ C:\Users\Jo\Desktop\cc_20131130_200905.reg
2013-11-30 20:08 - 2013-11-17 13:19 - 00000000 ____D C:\Windows\Minidump
2013-11-30 20:08 - 2013-10-17 16:56 - 00000000 ____D C:\Users\Jo\AppData\Roaming\inkscape
2013-11-30 20:08 - 2013-09-05 05:38 - 00000000 ____D C:\Windows\Panther
2013-11-30 20:04 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Users\Jo\AppData\Roaming\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-11-30 19:54 - 2013-11-30 19:50 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-11-30 19:50 - 2013-11-30 19:50 - 00001005 _____ C:\Users\Jo\Desktop\Free Window Registry Repair.lnk
2013-11-30 19:50 - 2013-11-30 19:50 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2013-11-30 14:16 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\NDF
2013-11-21 20:20 - 2013-11-21 20:18 - 41174438 _____ C:\Users\Jo\Desktop\ASSASSIN_S CREED 4 SONG - Beneath The Black Flag.failed-conv.flv
2013-11-21 14:52 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-19 17:47 - 2013-09-29 13:43 - 00014068 _____ C:\Windows\system32\lvcoinst.log
2013-11-19 17:32 - 2013-11-19 17:32 - 00000000 ____D C:\Windows\LastGood
2013-11-17 14:31 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\rescache
2013-11-17 13:52 - 2013-11-17 13:52 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-11-17 13:52 - 2013-11-16 20:25 - 00000000 ____D C:\Program Files\Pinnacle
2013-11-17 13:21 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\System
2013-11-17 12:23 - 2013-10-23 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 20:25 - 2013-11-16 20:25 - 00000000 ____D C:\Users\Jo\AppData\Local\Downloaded Installations
2013-11-16 20:24 - 2013-11-16 20:24 - 06766520 _____ (Pinnacle Systems ) C:\Users\Jo\Downloads\PCLEUSB2x32.exe
2013-11-16 20:17 - 2013-11-16 20:17 - 00001029 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Users\Jo\AppData\Local\DriverToolkit
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Program Files\DriverToolkit
2013-11-16 20:16 - 2013-11-16 20:16 - 02241694 _____ (Megaify Software ) C:\Users\Jo\Downloads\driver_setup.exe
2013-11-16 20:05 - 2013-11-16 20:05 - 01908225 _____ C:\Users\Jo\Downloads\nw_28186_virtualdubzip.zip
2013-11-16 19:53 - 2013-11-16 19:53 - 00043344 _____ C:\Windows\system32\Drivers\debutfilterx86.sys
2013-11-16 19:53 - 2013-11-16 19:53 - 00001088 _____ C:\Users\Public\Desktop\Debut Videorekorder.lnk
2013-11-16 19:52 - 2012-07-26 05:43 - 00000000 ___RD C:\Users\Public
2013-11-16 19:44 - 2013-09-13 15:26 - 00000000 ____D C:\Daten_Joachim
2013-11-16 19:42 - 2013-11-16 19:42 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-16 18:40 - 2013-11-14 17:25 - 00000000 ____D C:\ProgramData\PMS
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-11-16 18:06 - 2013-11-16 18:06 - 04182178 _____ (The Public) C:\Users\Jo\Downloads\avisynth_258.exe
2013-11-16 08:29 - 2013-11-16 08:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ___RD C:\Windows\ToastData
2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\WinStore
2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-14 17:12 - 2013-11-14 17:12 - 05205145 _____ C:\Users\Jo\Downloads\pms-1.90.1-setup-full.zip.part
2013-11-14 13:32 - 2013-09-12 13:11 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 13:30 - 2013-09-04 16:52 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 12:48 - 2013-09-04 15:47 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-05 23:58 - 2013-11-15 15:00 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 15:00 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-03 19:16 - 2013-11-03 19:13 - 47093932 _____ C:\Users\Jo\Desktop\Milky Chance - Down by the River.failed-conv.flv
2013-11-03 18:28 - 2013-11-03 18:25 - 24723199 _____ C:\Users\Jo\Desktop\Milky Chance - Stolen Dance (LYRICS).failed-conv.flv
2013-11-03 18:10 - 2013-11-03 18:07 - 24723199 _____ C:\Users\Jo\Desktop\Milky Chance - Stolen Dance (LYRICS).flv

Files to move or delete:
====================
C:\Users\Jo\AppData\Roaming\Camdata.ini
C:\Users\Jo\AppData\Roaming\CamLayout.ini
C:\Users\Jo\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\avgnt.exe
C:\Users\Jo\AppData\Local\Temp\Quarantine.exe
C:\Users\Jo\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-28 14:35

==================== End Of Log ============================

and Additions:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2013
Ran by Jo at 2013-12-03 10:54:07
Running from C:\Users\Jo\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

54Mbps WLAN Card
7-Zip 9.20
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 14.0.1.759)
AviSynth 2.5
Blender (Version: 2.68a)
Bonjour (Version: 3.0.0.10)
ConvertHelper 2.2
D3DX10 (Version: 15.4.2368.0902)
Debut Videorekorder
DriverToolkit version 8.1.1.0 (Version: 8.1.1.0)
Fotogalerie (Version: 16.4.3508.0205)
Fox Magic Audio Recorder 1.0
Free Window Registry Repair
Google Update Helper (Version: 1.3.23.0)
iCloud (Version: 2.1.2.8)
iFree Skype Recorder 6.0.6 (Version: 6.0.6)
Inkscape 0.48.4 (Version: 0.48.4)
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 11.1.2.32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
OpenOffice 4.0.0 (Version: 4.00.9702)
Photo Common (Version: 16.4.3508.0205)
Photo Gallery (Version: 16.4.3508.0205)
Pinnacle Systems USB-2 Device Drivers (Version: 2.00.0014)
Platform (Version: 1.39)
Ralink Wireless LAN Card (Version: 1.00.01)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
Skype™ 6.11 (Version: 6.11.102)
VIA Plattform-Geräte-Manager (Version: 1.39)
VideoPad Videobearbeitungs-Software
VLC media player 2.0.8 (Version: 2.0.8)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)

==================== Restore Points =========================

16-11-2013 19:25:15 Installed Pinnacle Systems USB-2 Device Drivers.
24-11-2013 08:20:35 Geplanter Prüfpunkt
30-11-2013 18:59:00 Erster Start von AVS Registry Cleaner

==================== Hosts content: ==========================

2012-07-26 05:17 - 2012-07-26 05:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4B3B63BE-F7A8-4DC1-AAFF-745FE458CC6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {4B3CBEB1-04DF-411F-BA48-1153DAC09337} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {A9F5A8E0-C186-4DBC-9453-2B7DC24A8E2B} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe [2013-10-18] (Megaify Software Co., Ltd.) Task: {D2CF7C21-2435-4330-9CFB-172983164F49} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-16 20:17 - 2013-04-09 22:55 - 00093032 _____ () C:\Program Files\DriverToolkit\zlibwapi.dll 2013-11-16 08:28 - 2013-11-16 08:29 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2005-04-06 06:52 - 2005-04-06 06:52 - 01327104 _____ () C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB camera Description: USB camera Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Netzwerkcontroller Description: Netzwerkcontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 46988375 Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 46988375 Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2013 06:15:32 PM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15609 Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15609 Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2013 05:59:54 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 162c Startzeit: 01ceef680abb23e7 Endzeit: 3552 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: f74a9fa1-5b72-11e3-afbd-0019db597c6c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/02/2013 11:53:53 AM) (Source: Desktop Window Manager) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. Error: (12/02/2013 11:53:51 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 64242922 System errors: ============= Error: (12/03/2013 09:30:22 AM) (Source: DCOM) (User: MORUK_WIN8) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Moruk_Win8JoS-1-5-21-1046511711-2107949684-1328651856-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/03/2013 09:26:58 AM) (Source: DCOM) (User: MORUK_WIN8) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/30/2013 08:16:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BonanzaDealsLive-Dienst (bonanzadealslive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (11/30/2013 07:23:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BonanzaDealsLive-Dienst (bonanzadealslive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/30/2013 05:32:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BonanzaDealsLive-Dienst (bonanzadealslive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/23/2013 04:08:45 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 107. 
Error: (11/23/2013 04:08:45 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error: (11/23/2013 04:08:43 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 107. Error: (11/23/2013 04:08:43 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. 
Error: (11/23/2013 04:04:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BonanzaDealsLive-Dienst (bonanzadealslive)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 46988375 Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 46988375 Error: (12/03/2013 09:19:48 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2013 06:15:32 PM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15609 Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15609 Error: (12/02/2013 06:05:06 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2013 05:59:54 PM) (Source: Application Hang)(User: ) Description: firefox.exe25.0.1.5064162c01ceef680abb23e73552C:\Program Files\Mozilla Firefox\firefox.exef74a9fa1-5b72-11e3-afbd-0019db597c6c Error: (12/02/2013 11:53:53 AM) (Source: Desktop Window Manager)(User: ) Description: 0x8898008d Error: (12/02/2013 11:53:51 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 64242922 ==================== Memory info =========================== Percentage of memory in use: 57% Total physical RAM: 2046.49 MB Available physical RAM: 872.84 MB Total Pagefile: 4094.49 MB Available Pagefile: 2433.79 MB Total Virtual: 2047.88 MB Available Virtual: 1844.67 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:243.62 GB) (Free:152.77 GB) NTFS 
==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:54.46 GB) (Free:40.9 GB) NTFS Drive j: (PHILIPS UFD) (Removable) (Total:7.2 GB) (Free:5.58 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B4215544) Partition 1: (Not Active) - (Size=54 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=244 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
04.12.2013, 10:19 | #4 |
/// the machine /// TB Trainer | Son infected PC with bonanzaAds Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
04.12.2013, 11:27 | #5 |
| Son infected PC with bonanzaAds
Hello schrauber, I had run Malwarebytes Anti-Malware once yesterday before my request and deleted 3 PUPs. Today there was already another one, this time PUP.Optional.OpenCandy. Here are the listings:
Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.04.04

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16736
Jo :: MAREK_WIN8 [Administrator]

04.12.2013 10:42:30
mbam-log-2013-12-04 (10-42-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217196
Laufzeit: 8 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jo\AppData\Local\Temp\is-9R9S7.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.014 - Bericht erstellt am 04/12/2013 um 11:03:38
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 8 (32 bits)
# Benutzername : Jo - MORUK_WIN8
# Gestartet von : C:\Users\Jo\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\t6qzna1v.default-1382526775413\prefs.js ]

*************************

AdwCleaner[R0].txt - [13364 octets] - [03/12/2013 09:25:20]
AdwCleaner[R1].txt - [959 octets] - [04/12/2013 10:56:49]
AdwCleaner[S0].txt - [12251 octets] - [03/12/2013 09:26:20]
AdwCleaner[S1].txt - [881 octets] - [04/12/2013 11:03:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [940 octets] ##########

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x86
Ran by Jo on 04.12.2013 at 11:10:41,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411168}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Jo\appdata\local\appshat mobile apps"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\Jo\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"

~~~ FireFox

Emptied folder: C:\Users\Jo\AppData\Roaming\mozilla\firefox\profiles\t6qzna1v.default-1382526775413\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2013 at 11:13:17,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02
Ran by Jo (administrator) on MORUK_WIN8 on 04-12-2013 11:17:18
Running from C:\Users\Jo\Downloads
Microsoft Windows 8 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Megaify Software Co., Ltd.) C:\Program Files\DriverToolkit\DriverToolkit.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [USB2Check] - RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [USBToolTip] - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [202312 2006-10-16] (Pinnacle Systems GmbH)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\t6qzna1v.default-1382526775413
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137208 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx86.sys [43344 2013-11-16] ()
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [48128 2012-06-02] (VIA Technologies, Inc. )
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\drivers\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NuidFltr; C:\Windows\System32\drivers\NuidFltr.sys [16768 2011-04-08] (Microsoft Corporation)
R3 pepifilter; C:\Windows\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
R3 PID_PEPI; C:\Windows\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 PinnacleMarvinAVS; C:\Windows\system32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-09-04] (Avira GmbH)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 11:16 - 2013-12-04 11:17 - 00008042 _____ C:\Users\Jo\Downloads\FRST.txt
2013-12-04 11:15 - 2013-12-04 11:16 - 01092545 _____ (Farbar) C:\Users\Jo\Downloads\FRST.exe
2013-12-04 11:13 - 2013-12-04 11:13 - 00001278 _____ C:\Users\Jo\Desktop\JRT.txt
2013-12-04 11:10 - 2013-12-04 11:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 11:07 - 2013-12-04 11:07 - 01034531 _____ (Thisisu) C:\Users\Jo\Desktop\JRT.exe
2013-12-03 19:36 - 2013-12-03 19:36 - 25034360 _____ (PortableApps.com) C:\Users\Jo\Downloads\vlcportable_2.1.1.paf.exe
2013-12-03 19:24 - 2013-12-03 19:24 - 00000000 ____D C:\Users\Jo\Downloads\IrfanViewPortable
2013-12-03 19:02 - 2013-12-03 19:02 - 11288823 _____ C:\Users\Jo\Desktop\Fertig.psd
2013-12-03 17:56 - 2013-12-03 17:57 - 16896844 _____ C:\Users\Jo\Desktop\12.mp4
2013-12-03 17:35 - 2013-12-03 17:36 - 05326938 _____ C:\Users\Jo\Desktop\9.mp4
2013-12-03 17:20 - 2013-12-03 19:52 - 00000000 ____D C:\Users\Jo\Desktop\Youtube downloader
2013-12-03 17:20 - 2013-12-03 17:20 - 00654271 _____ C:\Users\Jo\Desktop\8.mp4
2013-12-03 17:18 - 2013-12-03 17:35 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Youtube Downloader HD
2013-12-03 17:18 - 2013-12-03 17:18 - 00001115 _____ C:\Users\Jo\Desktop\Youtube Downloader HD.lnk
2013-12-03 17:18 - 2013-12-03 17:18 - 00000000 ____D C:\Program Files\Youtube Downloader HD
2013-12-03 17:12 - 2013-12-03 17:12 - 09663232 _____ (YoutubeDownloaderHD.com ) C:\Users\Jo\Downloads\youtube_downloader_hd_setup.exe
2013-12-03 11:05 - 2013-12-03 11:05 - 00000238 _____ C:\Users\Jo\Desktop\defogger_enable.log
2013-12-03 10:54 - 2013-12-03 10:54 - 00013662 _____ C:\Users\Jo\Desktop\Addition.txt
2013-12-03 10:53 - 2013-12-03 10:59 - 00029926 _____ C:\Users\Jo\Desktop\FRST.txt
2013-12-03 10:52 - 2013-12-03 10:52 - 00000000 ____D C:\FRST
2013-12-03 10:12 - 2013-12-03 10:12 - 00377856 _____ C:\Users\Jo\Downloads\y6o9x316.exe
2013-12-03 09:55 - 2013-12-03 09:56 - 00000466 _____ C:\Users\Jo\Desktop\defogger_disable.log
2013-12-03 09:54 - 2013-12-03 09:54 - 00050477 _____ C:\Users\Jo\Desktop\Defogger.exe
2013-12-03 09:37 - 2013-12-03 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jo\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 09:37 - 2013-12-03 09:37 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-03 09:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 09:33 - 2013-12-03 09:33 - 00001749 _____ C:\Users\Jo\Desktop\Fixlist.txt
2013-12-03 09:25 - 2013-12-04 11:03 - 00000000 ____D C:\AdwCleaner
2013-12-03 09:24 - 2013-12-03 09:24 - 01110034 _____ C:\Users\Jo\Desktop\adwcleaner.exe
2013-12-02 12:13 - 2013-12-02 12:13 - 01635393 _____ C:\Users\Jo\Downloads\wlan_xg602.exe
2013-12-02 12:12 - 2013-12-02 12:12 - 01570500 _____ C:\Users\Jo\Downloads\wlanwid2000winxp.exe
2013-12-02 12:06 - 2013-12-02 12:06 - 04894616 _____ (Hewlett-Packard Company ) C:\Users\Jo\Downloads\sp45112.exe
2013-12-02 12:00 - 2013-12-02 12:00 - 00269613 _____ (Medion AG) C:\Users\Jo\Downloads\wlan_rt257xusb(vista).exe
2013-12-02 11:56 - 2013-12-04 06:36 - 00110655 _____ C:\Windows\WindowsUpdate.log
2013-12-01 15:54 - 2013-12-01 15:55 - 30280003 _____ C:\Users\Jo\Desktop\6.mp4
2013-12-01 12:14 - 2013-12-01 12:14 - 12477064 _____ C:\Users\Jo\Desktop\NEX1.psd
2013-11-30 20:13 - 2013-12-04 10:53 - 00002796 _____ C:\Windows\PFRO.log
2013-11-30 20:09 - 2013-11-30 20:10 - 00065100 _____ C:\Users\Jo\Desktop\cc_20131130_200905.reg
2013-11-30 19:58 - 2013-11-30 20:04 - 00000000 ____D C:\Program Files\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Users\Jo\AppData\Roaming\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-11-30 19:58 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-11-30 19:50 - 2013-11-30 19:54 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-11-30 19:50 - 2013-11-30 19:50 - 00001005 _____ C:\Users\Jo\Desktop\Free Window Registry Repair.lnk
2013-11-19 17:32 - 2013-11-19 17:32 - 00000000 ____D C:\Windows\LastGood
2013-11-17 13:52 - 2013-11-17 13:52 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-11-17 13:19 - 2013-11-30 20:08 - 00000000 ____D C:\Windows\Minidump
2013-11-17 12:24 - 2013-11-30 20:13 - 00522312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-16 20:53 - 2013-12-04 11:05 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2013-11-16 20:26 - 2004-09-24 01:25 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2013-11-16 20:26 - 2003-03-19 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2013-11-16 20:26 - 2002-07-26 17:02 - 00153088 _____ C:\Program Files\UNWISE.EXE
2013-11-16 20:25 - 2013-11-17 13:52 - 00000000 ____D C:\Program Files\Pinnacle
2013-11-16 20:25 - 2013-11-16 20:25 - 00000000 ____D C:\Users\Jo\AppData\Local\Downloaded Installations
2013-11-16 20:25 - 2007-05-09 09:36 - 00434176 _____ (Pinnacle a division of Avid Technology, Inc.) C:\Windows\system32\Drivers\MarvinAVS.sys
2013-11-16 20:25 - 2007-02-20 13:09 - 00081920 _____ (Pinnacle Systems) C:\Windows\system32\PCLECoInst.dll
2013-11-16 20:25 - 2006-05-09 09:24 - 00200704 _____ (Pinnacle Systems) C:\Windows\system32\MarvinUsb.ax
2013-11-16 20:24 - 2013-11-16 20:24 - 06766520 _____ (Pinnacle Systems ) C:\Users\Jo\Downloads\PCLEUSB2x32.exe
2013-11-16 20:17 - 2013-11-16 20:17 - 00001029 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Users\Jo\AppData\Local\DriverToolkit
2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Program Files\DriverToolkit
2013-11-16 20:16 - 2013-11-16 20:16 - 02241694 _____ (Megaify Software ) C:\Users\Jo\Downloads\driver_setup.exe
2013-11-16 20:05 - 2013-11-16 20:05 - 01908225 _____ C:\Users\Jo\Downloads\nw_28186_virtualdubzip.zip
2013-11-16 19:53 - 2013-11-16 19:53 - 00043344 _____ C:\Windows\system32\Drivers\debutfilterx86.sys
2013-11-16 19:53 - 2013-11-16 19:53 - 00001088 _____ C:\Users\Public\Desktop\Debut Videorekorder.lnk
2013-11-16 19:42 - 2013-11-16 19:42 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-11-16 18:06 - 2013-11-16 18:06 - 04182178 _____ (The Public) C:\Users\Jo\Downloads\avisynth_258.exe
2013-11-16 08:28 - 2013-11-16 08:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 15:00 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-15 15:00 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 17:25 - 2013-11-16 18:40 - 00000000 ____D C:\ProgramData\PMS
2013-11-14 17:12 - 2013-11-14 17:12 - 05205145 _____ C:\Users\Jo\Downloads\pms-1.90.1-setup-full.zip.part
2013-11-14 13:02 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:01 - 2013-10-10 11:07 - 00038744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-14 13:01 - 2013-10-10 10:29 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:01 - 2013-10-10 10:28 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-14 13:01 - 2013-10-03 00:41 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:01 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:01 - 2013-09-13 23:58 - 00052656 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 13:01 - 2013-09-13 23:36 - 02600448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 13:01 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 13:01 - 2013-08-30 01:44 - 00054104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-14 13:01 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-14 13:01 - 2013-08-21 05:28 - 00407384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-14 13:01 - 2013-08-10 06:24 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-14 13:01 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-14 13:01 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-14 13:01 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-14 13:00 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:00 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-14 12:59 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 12:59 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 12:59 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 12:59 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

==================== One Month Modified Files and Folders =======

2013-12-04 11:17 - 2013-12-04 11:16 - 00008042 _____ C:\Users\Jo\Downloads\FRST.txt
2013-12-04 11:16 - 2013-12-04 11:15 - 01092545 _____ (Farbar) C:\Users\Jo\Downloads\FRST.exe
2013-12-04 11:13 - 2013-12-04 11:13 - 00001278 _____ C:\Users\Jo\Desktop\JRT.txt
2013-12-04 11:11 - 2013-09-06 17:50 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Skype
2013-12-04 11:10 - 2013-12-04 11:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 11:09 - 2013-09-04 07:44 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 11:07 - 2013-12-04 11:07 - 01034531 _____ (Thisisu) C:\Users\Jo\Desktop\JRT.exe
2013-12-04 11:05 - 2013-11-16 20:53 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2013-12-04 11:04 - 2012-07-26 07:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 11:03 - 2013-12-03 09:25 - 00000000 ____D C:\AdwCleaner
2013-12-04 11:03 - 2012-07-26 05:17 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-04 11:00 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\sru
2013-12-04 10:53 - 2013-11-30 20:13 - 00002796 _____ C:\Windows\PFRO.log
2013-12-04 10:51 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\Web
2013-12-04 10:39 - 2013-09-07 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 06:38 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-04 06:36 - 2013-12-02 11:56 - 00110655 _____ C:\Windows\WindowsUpdate.log
2013-12-03 19:55 - 2013-09-13 16:04 - 01567232 ___SH C:\Users\Jo\Desktop\Thumbs.db
2013-12-03 19:52 - 2013-12-03 17:20 - 00000000 ____D C:\Users\Jo\Desktop\Youtube downloader
2013-12-03 19:36 - 2013-12-03 19:36 - 25034360 _____ (PortableApps.com) C:\Users\Jo\Downloads\vlcportable_2.1.1.paf.exe
2013-12-03 19:26 - 2013-09-04 16:06 - 00000000 ____D C:\Users\Jo\AppData\Roaming\vlc
2013-12-03 19:24 - 2013-12-03 19:24 - 00000000 ____D C:\Users\Jo\Downloads\IrfanViewPortable
2013-12-03 19:03 - 2013-09-04 07:49 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Adobe
2013-12-03 19:02 - 2013-12-03 19:02 - 11288823 _____ C:\Users\Jo\Desktop\Fertig.psd
2013-12-03 17:57 - 2013-12-03 17:56 - 16896844 _____ C:\Users\Jo\Desktop\12.mp4
2013-12-03 17:36 - 2013-12-03 17:35 - 05326938 _____ C:\Users\Jo\Desktop\9.mp4
2013-12-03 17:35 - 2013-12-03 17:18 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Youtube Downloader HD 2013-12-03 17:20 - 2013-12-03 17:20 - 00654271 _____ C:\Users\Jo\Desktop\8.mp4 2013-12-03 17:18 - 2013-12-03 17:18 - 00001115 _____ C:\Users\Jo\Desktop\Youtube Downloader HD.lnk 2013-12-03 17:18 - 2013-12-03 17:18 - 00000000 ____D C:\Program Files\Youtube Downloader HD 2013-12-03 17:12 - 2013-12-03 17:12 - 09663232 _____ (YoutubeDownloaderHD.com ) C:\Users\Jo\Downloads\youtube_downloader_hd_setup.exe 2013-12-03 11:05 - 2013-12-03 11:05 - 00000238 _____ C:\Users\Jo\Desktop\defogger_enable.log 2013-12-03 11:05 - 2013-09-04 07:48 - 00000000 ____D C:\Users\Jo 2013-12-03 10:59 - 2013-12-03 10:53 - 00029926 _____ C:\Users\Jo\Desktop\FRST.txt 2013-12-03 10:54 - 2013-12-03 10:54 - 00013662 _____ C:\Users\Jo\Desktop\Addition.txt 2013-12-03 10:52 - 2013-12-03 10:52 - 00000000 ____D C:\FRST 2013-12-03 10:12 - 2013-12-03 10:12 - 00377856 _____ C:\Users\Jo\Downloads\y6o9x316.exe 2013-12-03 09:56 - 2013-12-03 09:55 - 00000466 _____ C:\Users\Jo\Desktop\defogger_disable.log 2013-12-03 09:54 - 2013-12-03 09:54 - 00050477 _____ C:\Users\Jo\Desktop\Defogger.exe 2013-12-03 09:49 - 2012-07-26 07:53 - 00000000 ___RD C:\Windows\DesktopTileResources 2013-12-03 09:37 - 2013-12-03 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jo\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-03 09:37 - 2013-12-03 09:37 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Malwarebytes 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-03 09:33 - 2013-12-03 09:33 - 00001749 _____ C:\Users\Jo\Desktop\Fixlist.txt 2013-12-03 09:26 - 2013-10-23 08:23 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat 2013-12-03 09:26 - 2013-09-04 
07:49 - 00001146 _____ C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-03 09:24 - 2013-12-03 09:24 - 01110034 _____ C:\Users\Jo\Desktop\adwcleaner.exe 2013-12-03 09:21 - 2013-09-04 15:47 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-02 12:13 - 2013-12-02 12:13 - 01635393 _____ C:\Users\Jo\Downloads\wlan_xg602.exe 2013-12-02 12:13 - 2013-09-06 16:28 - 00000000 ____D C:\Medion 2013-12-02 12:12 - 2013-12-02 12:12 - 01570500 _____ C:\Users\Jo\Downloads\wlanwid2000winxp.exe 2013-12-02 12:06 - 2013-12-02 12:06 - 04894616 _____ (Hewlett-Packard Company ) C:\Users\Jo\Downloads\sp45112.exe 2013-12-02 12:00 - 2013-12-02 12:00 - 00269613 _____ (Medion AG) C:\Users\Jo\Downloads\wlan_rt257xusb(vista).exe 2013-12-02 11:56 - 2013-09-06 17:50 - 00000000 ___RD C:\Program Files\Skype 2013-12-02 11:56 - 2013-09-06 17:50 - 00000000 ____D C:\ProgramData\Skype 2013-12-01 15:55 - 2013-12-01 15:54 - 30280003 _____ C:\Users\Jo\Desktop\6.mp4 2013-12-01 12:14 - 2013-12-01 12:14 - 12477064 _____ C:\Users\Jo\Desktop\NEX1.psd 2013-11-30 20:13 - 2013-11-17 12:24 - 00522312 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-30 20:10 - 2013-11-30 20:09 - 00065100 _____ C:\Users\Jo\Desktop\cc_20131130_200905.reg 2013-11-30 20:08 - 2013-11-17 13:19 - 00000000 ____D C:\Windows\Minidump 2013-11-30 20:08 - 2013-10-17 16:56 - 00000000 ____D C:\Users\Jo\AppData\Roaming\inkscape 2013-11-30 20:08 - 2013-09-05 05:38 - 00000000 ____D C:\Windows\Panther 2013-11-30 20:04 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Users\Jo\AppData\Roaming\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\ProgramData\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\Common Files\AVSMedia 2013-11-30 19:54 - 2013-11-30 19:50 - 00000000 ____D C:\Program Files\Free Window Registry Repair 2013-11-30 19:50 - 2013-11-30 19:50 
- 00001005 _____ C:\Users\Jo\Desktop\Free Window Registry Repair.lnk 2013-11-30 14:16 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\NDF 2013-11-21 14:52 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\AUInstallAgent 2013-11-19 17:47 - 2013-09-29 13:43 - 00014068 _____ C:\Windows\system32\lvcoinst.log 2013-11-19 17:32 - 2013-11-19 17:32 - 00000000 ____D C:\Windows\LastGood 2013-11-17 14:31 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\rescache 2013-11-17 13:52 - 2013-11-17 13:52 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-11-17 13:52 - 2013-11-16 20:25 - 00000000 ____D C:\Program Files\Pinnacle 2013-11-17 13:21 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\System 2013-11-17 12:23 - 2013-10-23 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-16 20:25 - 2013-11-16 20:25 - 00000000 ____D C:\Users\Jo\AppData\Local\Downloaded Installations 2013-11-16 20:24 - 2013-11-16 20:24 - 06766520 _____ (Pinnacle Systems ) C:\Users\Jo\Downloads\PCLEUSB2x32.exe 2013-11-16 20:17 - 2013-11-16 20:17 - 00001029 _____ C:\Users\Public\Desktop\DriverToolkit.lnk 2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Users\Jo\AppData\Local\DriverToolkit 2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Program Files\DriverToolkit 2013-11-16 20:16 - 2013-11-16 20:16 - 02241694 _____ (Megaify Software ) C:\Users\Jo\Downloads\driver_setup.exe 2013-11-16 20:05 - 2013-11-16 20:05 - 01908225 _____ C:\Users\Jo\Downloads\nw_28186_virtualdubzip.zip 2013-11-16 19:53 - 2013-11-16 19:53 - 00043344 _____ C:\Windows\system32\Drivers\debutfilterx86.sys 2013-11-16 19:53 - 2013-11-16 19:53 - 00001088 _____ C:\Users\Public\Desktop\Debut Videorekorder.lnk 2013-11-16 19:52 - 2012-07-26 05:43 - 00000000 ___RD C:\Users\Public 2013-11-16 19:44 - 2013-09-13 15:26 - 00000000 ____D C:\Daten_Joachim 2013-11-16 19:42 - 2013-11-16 19:42 - 00000000 ____D C:\ProgramData\CyberLink 2013-11-16 18:40 - 2013-11-14 17:25 - 00000000 ____D C:\ProgramData\PMS 2013-11-16 18:07 - 
2013-11-16 18:07 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Program Files\AviSynth 2.5 2013-11-16 18:06 - 2013-11-16 18:06 - 04182178 _____ (The Public) C:\Users\Jo\Downloads\avisynth_258.exe 2013-11-16 08:29 - 2013-11-16 08:28 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ___RD C:\Windows\ToastData 2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\WinStore 2013-11-15 14:56 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-14 17:12 - 2013-11-14 17:12 - 05205145 _____ C:\Users\Jo\Downloads\pms-1.90.1-setup-full.zip.part 2013-11-14 13:32 - 2013-09-12 13:11 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 13:30 - 2013-09-04 16:52 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 12:48 - 2013-09-04 15:47 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-05 23:58 - 2013-11-15 15:00 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-05 23:58 - 2013-11-15 15:00 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\Jo\AppData\Roaming\Camdata.ini C:\Users\Jo\AppData\Roaming\CamLayout.ini C:\Users\Jo\AppData\Roaming\CamShapes.ini Some content of TEMP: ==================== C:\Users\Jo\AppData\Local\Temp\avgnt.exe C:\Users\Jo\AppData\Local\Temp\Quarantine.exe C:\Users\Jo\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => 
MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-28 14:35 ==================== End Of Log ============================ --- --- --- |
05.12.2013, 08:32 | #6 |
/// the machine /// TB-Ausbilder | Son infected PC with bonanzaAds
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems? |
05.12.2013, 12:31 | #7 |
| Son infected PC with bonanzaAds So, here are the log files: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=16eda902bae5224a8d9f2a9481b8d2f0
# engine=16141
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-05 09:05:49
# local_time=2013-12-05 10:05:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 95 8696 7928498 1453 0
# compatibility_mode=5893 16776574 100 94 7674363 45740454 0 0
# scanned=226111
# found=0
# cleaned=0
# scan_time=4754
and Code:
Results of screen317's Security Check version 0.99.76
x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.117
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-12-2013 01 Ran by Jo (administrator) on IKARUSWIN8 on 05-12-2013 12:26:54 Running from C:\Users\Jo\Downloads Microsoft Windows 8 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [USB2Check] - RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController HKLM\...\Run: [USBToolTip] - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [202312 2006-10-16] (Pinnacle Systems GmbH) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de SearchScopes: HKLM - DefaultScope value is missing. Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\t6qzna1v.default-1382526775413 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-01] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137208 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation) R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx86.sys [43344 2013-11-16] () R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [48128 2012-06-02] (VIA Technologies, Inc. ) R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) R3 MarvinBus; C:\Windows\System32\drivers\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) R3 NuidFltr; C:\Windows\System32\drivers\NuidFltr.sys [16768 2011-04-08] (Microsoft Corporation) R3 pepifilter; C:\Windows\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) S3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors) R3 PID_PEPI; C:\Windows\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 PinnacleMarvinAVS; C:\Windows\system32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.) R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2013-09-04] (Avira GmbH) R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-05 12:26 - 2013-12-05 12:27 - 00007877 _____ C:\Users\Jo\Downloads\FRST.txt 2013-12-05 12:26 - 2013-12-05 12:26 - 01092683 _____ (Farbar) C:\Users\Jo\Downloads\FRST.exe 2013-12-05 08:47 - 2013-12-05 08:47 - 00891184 _____ C:\Users\Jo\Desktop\SecurityCheck.exe 2013-12-05 08:43 - 2013-12-05 08:43 - 00000000 ____D C:\Program Files\ESET 2013-12-05 08:42 - 2013-12-05 08:42 - 02347384 _____ (ESET) C:\Users\Jo\Downloads\esetsmartinstaller_enu.exe 2013-12-04 11:10 - 2013-12-04 11:10 - 00000000 ____D C:\Windows\ERUNT 2013-12-04 11:07 - 2013-12-04 11:07 - 01034531 _____ (Thisisu) C:\Users\Jo\Desktop\JRT.exe 2013-12-03 19:36 - 2013-12-03 19:36 - 25034360 _____ (PortableApps.com) C:\Users\Jo\Downloads\vlcportable_2.1.1.paf.exe 2013-12-03 19:24 - 2013-12-03 19:24 - 00000000 ____D C:\Users\Jo\Downloads\IrfanViewPortable 2013-12-03 19:02 - 2013-12-03 19:02 - 11288823 _____ C:\Users\Jo\Desktop\Fertig.psd 2013-12-03 17:56 - 2013-12-03 17:57 - 16896844 _____ C:\Users\Jo\Desktop\12.mp4 2013-12-03 17:35 - 2013-12-03 17:36 - 05326938 _____ C:\Users\Jo\Desktop\9.mp4 2013-12-03 17:20 - 2013-12-03 19:52 - 00000000 ____D C:\Users\Jo\Desktop\Youtube downloader 2013-12-03 17:20 - 2013-12-03 17:20 - 00654271 _____ C:\Users\Jo\Desktop\8.mp4 2013-12-03 17:18 - 2013-12-03 17:35 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Youtube Downloader HD 2013-12-03 17:18 - 2013-12-03 17:18 - 00001115 _____ C:\Users\Jo\Desktop\Youtube Downloader HD.lnk 2013-12-03 17:18 - 2013-12-03 17:18 - 00000000 ____D C:\Program Files\Youtube Downloader HD 2013-12-03 17:12 - 2013-12-03 17:12 - 09663232 _____ (YoutubeDownloaderHD.com ) C:\Users\Jo\Downloads\youtube_downloader_hd_setup.exe 2013-12-03 10:52 - 2013-12-03 10:52 - 00000000 ____D C:\FRST 2013-12-03 10:12 - 2013-12-03 10:12 - 00377856 _____ C:\Users\Jo\Downloads\y6o9x316.exe 2013-12-03 09:54 - 2013-12-03 09:54 - 00050477 _____ 
C:\Users\Jo\Desktop\Defogger.exe 2013-12-03 09:37 - 2013-12-03 09:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jo\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-03 09:37 - 2013-12-03 09:37 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Malwarebytes 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 09:37 - 2013-12-03 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-03 09:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 09:25 - 2013-12-04 11:03 - 00000000 ____D C:\AdwCleaner 2013-12-03 09:24 - 2013-12-03 09:24 - 01110034 _____ C:\Users\Jo\Desktop\adwcleaner.exe 2013-12-02 12:13 - 2013-12-02 12:13 - 01635393 _____ C:\Users\Jo\Downloads\wlan_xg602.exe 2013-12-02 12:12 - 2013-12-02 12:12 - 01570500 _____ C:\Users\Jo\Downloads\wlanwid2000winxp.exe 2013-12-02 12:06 - 2013-12-02 12:06 - 04894616 _____ (Hewlett-Packard Company ) C:\Users\Jo\Downloads\sp45112.exe 2013-12-02 12:00 - 2013-12-02 12:00 - 00269613 _____ (Medion AG) C:\Users\Jo\Downloads\wlan_rt257xusb(vista).exe 2013-12-02 11:56 - 2013-12-05 12:06 - 00168613 _____ C:\Windows\WindowsUpdate.log 2013-12-01 15:54 - 2013-12-01 15:55 - 30280003 _____ C:\Users\Jo\Desktop\6.mp4 2013-12-01 15:32 - 2013-12-01 15:34 - 46237504 _____ C:\Users\Jo\Desktop\Sherlock Holmes Kampfszene Deutsch.failed-conv.flv 2013-12-01 12:14 - 2013-12-01 12:14 - 12477064 _____ C:\Users\Jo\Desktop\NEX1.psd 2013-11-30 20:13 - 2013-12-04 12:31 - 00003154 _____ C:\Windows\PFRO.log 2013-11-30 20:09 - 2013-11-30 20:10 - 00065100 _____ C:\Users\Jo\Desktop\cc_20131130_200905.reg 2013-11-30 19:58 - 2013-11-30 20:04 - 00000000 ____D C:\Program Files\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Users\Jo\AppData\Roaming\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D 
C:\ProgramData\AVS4YOU 2013-11-30 19:58 - 2013-11-30 19:58 - 00000000 ____D C:\Program Files\Common Files\AVSMedia 2013-11-30 19:58 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll 2013-11-30 19:50 - 2013-12-04 11:29 - 00000000 ____D C:\Program Files\Free Window Registry Repair 2013-11-19 17:32 - 2013-11-19 17:32 - 00000000 ____D C:\Windows\LastGood 2013-11-17 13:52 - 2013-11-17 13:52 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-11-17 13:19 - 2013-11-30 20:08 - 00000000 ____D C:\Windows\Minidump 2013-11-17 12:24 - 2013-11-30 20:13 - 00522312 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-16 20:53 - 2013-12-05 08:40 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job 2013-11-16 20:26 - 2004-09-24 01:25 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll 2013-11-16 20:26 - 2003-03-19 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll 2013-11-16 20:26 - 2002-07-26 17:02 - 00153088 _____ C:\Program Files\UNWISE.EXE 2013-11-16 20:25 - 2013-11-17 13:52 - 00000000 ____D C:\Program Files\Pinnacle 2013-11-16 20:25 - 2013-11-16 20:25 - 00000000 ____D C:\Users\Jo\AppData\Local\Downloaded Installations 2013-11-16 20:25 - 2007-05-09 09:36 - 00434176 _____ (Pinnacle a division of Avid Technology, Inc.) 
C:\Windows\system32\Drivers\MarvinAVS.sys 2013-11-16 20:25 - 2007-02-20 13:09 - 00081920 _____ (Pinnacle Systems) C:\Windows\system32\PCLECoInst.dll 2013-11-16 20:25 - 2006-05-09 09:24 - 00200704 _____ (Pinnacle Systems) C:\Windows\system32\MarvinUsb.ax 2013-11-16 20:24 - 2013-11-16 20:24 - 06766520 _____ (Pinnacle Systems ) C:\Users\Jo\Downloads\PCLEUSB2x32.exe 2013-11-16 20:17 - 2013-12-04 11:28 - 00000000 ____D C:\Program Files\DriverToolkit 2013-11-16 20:17 - 2013-11-16 20:17 - 00000000 ____D C:\Users\Jo\AppData\Local\DriverToolkit 2013-11-16 20:16 - 2013-11-16 20:16 - 02241694 _____ (Megaify Software ) C:\Users\Jo\Downloads\driver_setup.exe 2013-11-16 20:05 - 2013-11-16 20:05 - 01908225 _____ C:\Users\Jo\Downloads\nw_28186_virtualdubzip.zip 2013-11-16 19:53 - 2013-11-16 19:53 - 00043344 _____ C:\Windows\system32\Drivers\debutfilterx86.sys 2013-11-16 19:53 - 2013-11-16 19:53 - 00001088 _____ C:\Users\Public\Desktop\Debut Videorekorder.lnk 2013-11-16 19:42 - 2013-11-16 19:42 - 00000000 ____D C:\ProgramData\CyberLink 2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 2013-11-16 18:07 - 2013-11-16 18:07 - 00000000 ____D C:\Program Files\AviSynth 2.5 2013-11-16 18:06 - 2013-11-16 18:06 - 04182178 _____ (The Public) C:\Users\Jo\Downloads\avisynth_258.exe 2013-11-16 08:28 - 2013-11-16 08:29 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-15 15:00 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-15 15:00 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-14 17:25 - 2013-11-16 18:40 - 00000000 ____D C:\ProgramData\PMS 2013-11-14 17:12 - 2013-11-14 17:12 - 05205145 _____ C:\Users\Jo\Downloads\pms-1.90.1-setup-full.zip.part 2013-11-14 13:02 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 13:01 - 
So far everything looks normal again. Thanks for the help. buenoDad |
06.12.2013, 09:42 | #8 |
/// the machine /// TB Trainer | Son infected PC with bonanzaAds Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
06.12.2013, 10:13 | #9 |
| Son infected PC with bonanzaAds Hello schrauber, thanks for all the help. So far things look calm again. The internet dropouts were there once more yesterday; we will keep watching. Otherwise we will get in touch again. Apart from that, the thread can be closed. Secunia is unclear to us; it seems to have withdrawn the offering. WOT provides an xpi file. What do you do with it? Thanks, buenoDad |
06.12.2013, 12:55 | #10 |
/// the machine /// TB Trainer | Son infected PC with bonanzaAds Delete the XPI, open Firefox > Extras > Add-ons, search for WOT there and install it directly in Firefox
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |