Pests of all kinds and how to fight them: Nationzoom virus, what can I do? (Windows 7)
06.12.2013, 16:22 | #1
Nationzoom virus, what can I do?

Hello! For a few days my PC has been extremely slow. When I browse the internet (no matter whether with IE or Firefox), Nationzoom always comes up as the start page. I have already tried changing the browser settings, but somehow that does not help. At the same time I constantly get annoying pop-ups while browsing, advertising windows open, and in general the browsing speed is very slow. My PC is literally running hot and even switches itself off now and then. Antivir does not detect any malicious software on my PC. I then downloaded the trial version of Spyhunter; this software reports 68 findings. However, before the cleanup I was prompted to buy the full version. Now I have read on the internet that Spyhunter itself is not trustworthy and that the full version would not help at all. What can I do now? I should mention that I really have no idea at all about viruses & co. and am generally very inexperienced with PCs.

Kind regards and many thanks in advance!
Paula
06.12.2013, 20:07 | #2
Rest in peace † 2019
Nationzoom virus, what can I do?

My name is Sandra and I will help you with your problem.

Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safer way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean. Please note that all my answers must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper.

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Thank you for your patience
07.12.2013, 09:47 | #3
Nationzoom virus, what can I do?

Many, many thanks in advance!

Here are the files. FRST logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 01 Ran by Paula (administrator) on PAULA-PC on 07-12-2013 09:42:26 Running from C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MV5O73C Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Windows\SysWOW64\Rezip.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) 
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4 HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] () HKCU\...\Run: [Uvyxs] - C:\Users\Paula\AppData\Roaming\Nyseym\ziuh.exe HKCU\...\Run: [Uhowavi] - C:\Users\Paula\AppData\Roaming\Apypsa\yqapv.exe HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd) HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3457901039-3679683318-3372754741-1000\$4b97f9d624886571a1f7b11ec061ee59\n. ATTENTION! ====> ZeroAccess? HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) 
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG) AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] () AppInit_DLLs-x32: [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - 
{4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196 FireFox: ======== FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js FF NewTab: about:blank FF DefaultSearchEngine: Search By ZoneAlarm FF SelectedSearchEngine: Search By ZoneAlarm FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX Chrome: ======= CHR Extension: 
(SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0 ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG) R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.) ==================== Drivers (Whitelisted) ==================== S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. 
KG) R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST 2013-12-07 09:26 - 2013-12-07 09:26 - 00000056 _____ C:\Windows\setupact.log 2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log 2013-12-07 09:24 - 2013-12-07 09:24 - 00001938 _____ C:\Windows\PFRO.log 2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint 2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk 2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi 2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe 2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner 2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ 
C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe 2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe 2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat 2013-12-05 16:07 - 2013-12-05 16:07 - 00003326 _____ C:\Windows\System32\Tasks\SpyHunter4Startup 2013-12-05 16:07 - 2013-12-05 16:07 - 00002258 _____ C:\Users\Paula\Desktop\SpyHunter.lnk 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\sh4ldr 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-12-05 16:07 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2013-12-05 16:05 - 2013-12-05 16:07 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Opkiga 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Luuwu 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Exenoh 2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun 2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro 2013-12-03 19:21 - 2013-12-06 16:02 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-12-03 19:21 - 2013-12-05 09:29 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM 2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls 2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H 
C:\Users\Paula\Desktop\~WRL1957.tmp 2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp 2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ 2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj 2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp 2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp 2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 21:45 - 
2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 
_____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 20:40 - 2013-09-25 
03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= 2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST 2013-12-07 09:42 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-07 09:42 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-07 09:36 - 2010-06-01 02:03 - 01253661 _____ C:\Windows\WindowsUpdate.log 2013-12-07 09:35 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518} 2013-12-07 09:26 - 2013-12-07 09:26 - 00000056 _____ 
C:\Windows\setupact.log 2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log 2013-12-07 09:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-07 09:24 - 2013-12-07 09:24 - 00001938 _____ C:\Windows\PFRO.log 2013-12-07 09:24 - 2012-07-25 11:49 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion 2013-12-07 00:27 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-07 00:27 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client 2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft 2013-12-06 16:08 - 2012-07-25 11:49 - 00000000 ____D C:\Users\Paula\AppData\Roaming\BrowserCompanion 2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat 2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat 2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-06 16:02 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO 2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM 2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk 2013-12-06 10:08 - 2013-12-06 10:05 - 
00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint 2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi 2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe 2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla 2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing 2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump 2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther 2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner 2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe 2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat 2013-12-05 16:07 - 2013-12-05 16:07 - 00003326 _____ C:\Windows\System32\Tasks\SpyHunter4Startup 2013-12-05 16:07 - 2013-12-05 16:07 - 00002258 _____ C:\Users\Paula\Desktop\SpyHunter.lnk 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\sh4ldr 2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-12-05 16:07 - 2013-12-05 16:05 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-12-05 15:07 - 2013-11-25 
11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp 2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-05 09:29 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack 2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Opkiga 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Luuwu 2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Exenoh 2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun 2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro 2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe 2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype 2013-12-01 15:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-26 20:51 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify 2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-26 18:17 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify 2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls 2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp 2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai 2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon 2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-24 12:32 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula 2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp 2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp 2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ 2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj 2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013 2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium 2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp 2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ZeroAccess: 
C:\$Recycle.Bin\S-1-5-21-3457901039-3679683318-3372754741-1000\$4b97f9d624886571a1f7b11ec061ee59 Some content of TEMP: ==================== C:\Users\Paula\AppData\Local\Temp\avgnt.exe C:\Users\Paula\AppData\Local\Temp\SHSetup.exe C:\Users\Paula\AppData\Local\Temp\vis-de.exe C:\Users\Paula\AppData\Local\Temp\zatbSetup_110_000_064.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-01 18:18 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2013 01 Ran by Paula at 2013-12-07 09:43:18 Running from C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MV5O73C Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Akamai NetSession Interface (HKCU) Akamai NetSession Interface Service (x32) Alice Greenfingers (x32) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.774.0) Avira Free Antivirus (x32 Version: 14.0.1.759) BatteryLifeExtender (x32 Version: 1.0.3) Broadcom 802.11 Network Adapter (Version: 5.60.48.44) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420) Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420) CCC Help Chinese 
Standard (x32 Version: 2010.0504.2151.37420) CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420) CCC Help Czech (x32 Version: 2010.0504.2151.37420) CCC Help Danish (x32 Version: 2010.0504.2151.37420) CCC Help Dutch (x32 Version: 2010.0504.2151.37420) CCC Help English (x32 Version: 2010.0504.2151.37420) CCC Help Finnish (x32 Version: 2010.0504.2151.37420) CCC Help French (x32 Version: 2010.0504.2151.37420) CCC Help German (x32 Version: 2010.0504.2151.37420) CCC Help Greek (x32 Version: 2010.0504.2151.37420) CCC Help Hungarian (x32 Version: 2010.0504.2151.37420) CCC Help Italian (x32 Version: 2010.0504.2151.37420) CCC Help Japanese (x32 Version: 2010.0504.2151.37420) CCC Help Korean (x32 Version: 2010.0504.2151.37420) CCC Help Norwegian (x32 Version: 2010.0504.2151.37420) CCC Help Polish (x32 Version: 2010.0504.2151.37420) CCC Help Portuguese (x32 Version: 2010.0504.2151.37420) CCC Help Russian (x32 Version: 2010.0504.2151.37420) CCC Help Spanish (x32 Version: 2010.0504.2151.37420) CCC Help Swedish (x32 Version: 2010.0504.2151.37420) CCC Help Thai (x32 Version: 2010.0504.2151.37420) CCC Help Turkish (x32 Version: 2010.0504.2151.37420) ccc-core-static (x32 Version: 2010.0504.2152.37420) ccc-utility64 (Version: 2010.0504.2152.37420) CCleaner (Version: 4.08) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661) Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661) CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2) 
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1) CorelDRAW Graphics Suite X5 (x32 Version: 15.2) CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661) CyberLink YouCam (x32 Version: 2.0.3911) Daycare Nightmare (x32) Easy Content Share (x32 Version: 1.0.0.13) Easy Display Manager (x32 Version: 3.1) Easy Network Manager (x32 Version: 4.3.1) Easy SpeedUp Manager (x32 Version: 2.1.0.11) EasyBatteryManager (x32 Version: 4.0.0.4) EasyFileShare (x32 Version: 1.0.3) ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0) FileZilla Client 3.5.0 (x32 Version: 3.5.0) Flip Words (x32) Free Audio CD Burner version 1.4.7 (x32) Galapago (x32) Game Pack (x32 Version: 6.3.1.1) Gem Shop (x32) HiJackThis (x32 Version: 1.0.0) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1) Insaniquarium Deluxe (x32) Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002) IrfanView (remove only) (x32 Version: 4.30) iTunes (Version: 10.5.2.11) Java Auto Updater (x32 Version: 2.0.2.4) Java(TM) 6 Update 22 (x32 Version: 6.0.220) LibreOffice 3.3 (x32 Version: 3.3.401) Live Security Platinum (HKCU) Mahjong Escape Ancient China (x32) Marvell Miniport Driver (x32 Version: 11.22.3.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 
14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) OpenOffice.org 3.4 (x32 Version: 3.4.9590) PhotoStage Slideshow Producer (x32) Picasa 3 (x32 Version: 3.9) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083) REALTEK Wireless LAN Software (x32 Version: 0133.09.1202) Samsung Kies (x32 Version: 2.2.0.12014_18) Samsung Recovery Solution 4 (x32 Version: 4.0.0.6) Samsung Support Center (x32 Version: 1.0.2) 
Samsung Update Plus (x32 Version: 2.0) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 5.10 (x32 Version: 5.10.116) Spotify (HKCU Version: 0.9.6.72.ge389c074) SpyHunter (Version: 4.16.5.4290) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) User Guide (x32 Version: 1.0) Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) ==================== Restore Points ========================= 04-12-2013 22:27:54 Windows Update 05-12-2013 07:57:31 Windows Update 05-12-2013 15:06:00 Installed SpyHunter 06-12-2013 09:04:52 Installed HiJackThis 06-12-2013 15:03:14 Removed Atheros Client Installation Program 06-12-2013 15:05:47 Removed HiJackThis 06-12-2013 15:08:03 Removed Bonjour ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {100C4F02-D9E2-403A-A907-64348E952739} - 
System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] () Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] () Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics) Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {CD43C245-75B3-4853-BE73-88B6418617A5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2013-10-18] (Enigma Software Group USA, LLC.) 
Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.) Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.) Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation) Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.) Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2012-03-07 22:29 - 2012-03-07 22:29 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 8cc Startzeit: 01cef28dc866f07f Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (12/06/2013 10:36:29 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (12/06/2013 10:36:26 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator System errors: ============= Error: (12/07/2013 09:33:33 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/06/2013 08:55:38 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/06/2013 08:51:14 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/06/2013 08:51:14 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (12/06/2013 08:50:07 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 05.12.2013 um 23:46:52 unerwartet heruntergefahren. Error: (12/05/2013 08:14:27 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (12/05/2013 04:07:54 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/05/2013 03:59:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/05/2013 02:59:23 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT) Description: Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Paula-PC\Paula-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error: (12/05/2013 02:55:14 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 
AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (12/06/2013 10:36:29 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (12/06/2013 10:36:26 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3946.18 MB Available physical RAM: 2353.24 MB Total Pagefile: 7890.54 MB Available Pagefile: 5497.91 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:179 GB) (Free:101.61 GB) NTFS Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: 
(Not Active) - (Size=179 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended) ==================== End Of Log ============================
Kind regards, Paula
07.12.2013, 13:52 | #4 |
Rest in Peace † 2019 | Nationzoom virus, what can I do? Hello Paula, please save all of our tools to the desktop. You have picked up something else there as well; we need to take care of that first.

Step 1
Please uninstall the following programs:
Java 6 Update 22
SpyHunter
To do so, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove

Step 2
Scan with ComboFix

Step 3
Please download Farbar Service Scanner
Please post the contents here.

Step 4
Run FRST once more.
07.12.2013, 16:20 | #5 | |
| Nationzoom virus, what can I do? Hello! Here is the ComboFix file for now. Code:
ATTFilter ComboFix 13-12-07.01 - Paula 07.12.2013 15:44:40.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2479 [GMT 1:00] ausgeführt von:: c:\users\Paula\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll . ---- Vorheriger Suchlauf ------- . c:\program files (x86)\BrowserCompanion\jsloader.dll c:\program files (x86)\BrowserCompanion\logo.ico c:\program files (x86)\BrowserCompanion\terms.lnk.url c:\programdata\NOTEPAD.EXE-x.txt c:\programdata\RUNDLL32.EXE-x.txt c:\users\Paula\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences c:\users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll c:\users\Paula\AppData\Roaming\Alviz\buqex.bos c:\users\Paula\AppData\Roaming\Exenoh\aligt.pae c:\users\Paula\AppData\Roaming\Luuwu\xauki.oxy c:\users\Paula\AppData\Roaming\Opkiga\ahci.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-11-07 bis 2013-12-07 )))))))))))))))))))))))))))))) . . 2013-12-07 14:53 . 2013-12-07 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-07 08:42 . 2013-12-07 08:42 -------- d-----w- C:\FRST 2013-12-06 15:01 . 2013-12-06 15:01 -------- d-----w- c:\windows\system32\IO 2013-12-06 09:08 . 2013-12-06 09:08 -------- d-----w- c:\program files (x86)\CheckPoint 2013-12-06 09:08 . 2013-12-06 09:08 388096 ----a-r- c:\users\Paula\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-12-06 09:08 . 
2013-12-06 09:08 -------- d-----w- c:\program files (x86)\Trend Micro 2013-12-06 09:07 . 2013-12-06 09:07 -------- d-----w- c:\programdata\CheckPoint 2013-12-06 08:33 . 2013-12-06 08:33 -------- d-----w- c:\program files\CCleaner 2013-12-06 08:00 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DBB0572-8ADE-4E78-80AA-E7EDD26D5477}\mpengine.dll 2013-12-05 18:06 . 2013-12-06 09:24 -------- d-----w- c:\users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-05 15:07 . 2013-12-05 15:07 -------- d-----w- c:\program files\Enigma Software Group 2013-12-05 15:05 . 2013-12-07 14:15 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-12-05 15:05 . 2013-12-05 15:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-12-03 18:40 . 2013-12-03 18:40 -------- d-----w- c:\windows\Sun 2013-12-03 18:21 . 2013-12-06 15:02 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-12-03 18:21 . 2013-12-05 08:29 -------- d-----w- c:\program files (x86)\Optimizer Pro 2013-12-03 18:21 . 2013-12-03 18:21 -------- d-----w- c:\users\Paula\AppData\Local\Programs 2013-12-03 18:20 . 2013-12-06 15:00 -------- d-----w- c:\programdata\WPM 2013-11-13 20:44 . 2013-10-12 08:45 1364992 ----a-w- c:\windows\system32\urlmon.dll 2013-11-13 19:40 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-05 13:56 . 2013-08-14 06:15 107416 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-11-26 19:41 . 2013-08-14 06:17 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-11-26 19:41 . 2013-08-14 06:15 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-11-26 19:41 . 2013-08-14 06:15 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-11-13 20:40 . 2011-01-28 22:08 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-11 04:50 . 
2011-01-27 16:30 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-09 20:11 . 2013-04-05 16:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 20:11 . 2011-09-26 14:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624] "Akamai NetSession Interface"="c:\users\Paula\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-07 21416] "Spotify Web Helper"="c:\users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-17 1168896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys 
[x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 20:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} mDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} uInternet Settings,ProxyOverride = 127.0.0.1:9421;????????????????????????????e?;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 134.93.48.210 134.93.48.196 FF - ProfilePath - c:\users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\ FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& FF - ExtSQL: 2013-12-06 10:24; ffxtlbr@zonealarm.com; c:\users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\extensions\ffxtlbr@zonealarm.com FF - user.js: extensions.zonealarm.hpOld0 - hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=Solo&Lan={dfltLng}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - d8436c4d000000000000ee39dfbcaca9 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16045 
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11 FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1110:08 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 5003 FF - user.js: extensions.zonealarm.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - Solo FF - user.js: extensions.zonealarm.instlRef - ZLN120896091084577-5003 FF - user.js: extensions.zonealarm.dfltLng - FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.4\ICQ.exe Wow6432Node-HKCU-Run-Uvyxs - c:\users\Paula\AppData\Roaming\Nyseym\ziuh.exe Wow6432Node-HKCU-Run-Uhowavi - c:\users\Paula\AppData\Roaming\Apypsa\yqapv.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-12-07 16:01:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-12-07 15:01 . 
Vor Suchlauf: 12 Verzeichnis(se), 108.562.767.872 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 107.830.464.512 Bytes frei . - - End Of File - - A0D4BACC9AA178EDE5CC08D4A4BD3649 Best regards, Paula Here is the log file from FSS. Code:
ATTFilter Farbar Service Scanner Version: 05-12-2013 Ran by Paula (administrator) on 07-12-2013 at 16:08:10 Running from "C:\Users\Paula\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
With FRST there is now the following problem: I could no longer find the program on my computer (was it perhaps deleted during the process?), so I downloaded it again. But when I now run the SCAN, the following message always appears: Quote:
What should I do now? Oh no, in all the excitement I clicked "reply" instead of "edit"... sorry :/ Best regards and many thanks for your effort, Paula Last edited by Paula123 (07.12.2013 at 16:44) |
07.12.2013, 21:04 | #6 |
Rest in peace † 2019 | Nationzoom virus, what can I do? Hello Paula, delete the FRST64.exe, then download it again, save it to the Desktop and try once more; if that does not work, please download OTL.
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your Desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Optional step (if FRST still does not work) Please download OTL by Oldtimer and save it to your Desktop (if not already present).
|
08.12.2013, 10:35 | #7 |
| Nationzoom virus, what can I do? Now it worked again with FRST. Paula and technology... Here are the log files: FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 01 Ran by Paula (administrator) on PAULA-PC on 08-12-2013 10:29:02 Running from C:\Users\Paula\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Windows\SysWOW64\Rezip.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Akamai Technologies, Inc.) 
C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] () HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196

FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX

Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 10:28 - 2013-12-08 10:28 - 01927742 _____ (Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe
2013-12-07 16:14 - 2013-12-08 10:30 - 00015464 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:13 - 2013-12-07 16:13 - 01927514 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-08 10:08 - 00000336 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-07 15:54 - 00003036 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 16:05 - 2013-12-07 15:15 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:21 - 2013-12-06 16:02 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-03 19:21 - 2013-12-05 09:29 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-08 10:30 - 2013-12-07 16:14 - 00015464 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-08 10:28 - 2013-12-08 10:28 - 01927742 _____ (Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe
2013-12-08 10:26 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-08 10:16 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 10:16 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 10:13 - 2010-06-01 02:03 - 01386662 _____ C:\Windows\WindowsUpdate.log
2013-12-08 10:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 10:08 - 2013-12-07 09:26 - 00000336 _____ C:\Windows\setupact.log
2013-12-08 10:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 19:52 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-07 19:52 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:13 - 2013-12-07 16:13 - 01927514 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:54 - 2013-12-07 09:24 - 00003036 _____ C:\Windows\PFRO.log
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 15:15 - 2013-12-05 16:05 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2012-07-25 11:49 - 00000000 ____D C:\Users\Paula\AppData\Roaming\BrowserCompanion
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:02 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-05 09:29 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-24 12:32 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-01 18:18

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 01
Ran by Paula at 2013-12-08 10:30:36
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alice Greenfingers (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
BatteryLifeExtender (x32 Version: 1.0.3)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420)
CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420)
CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420)
CCC Help Czech (x32 Version: 2010.0504.2151.37420)
CCC Help Danish (x32 Version: 2010.0504.2151.37420)
CCC Help Dutch (x32 Version: 2010.0504.2151.37420)
CCC Help English (x32 Version: 2010.0504.2151.37420)
CCC Help Finnish (x32 Version: 2010.0504.2151.37420)
CCC Help French (x32 Version: 2010.0504.2151.37420)
CCC Help German (x32 Version: 2010.0504.2151.37420)
CCC Help Greek (x32 Version: 2010.0504.2151.37420)
CCC Help Hungarian (x32 Version: 2010.0504.2151.37420)
CCC Help Italian (x32 Version: 2010.0504.2151.37420)
CCC Help Japanese (x32 Version: 2010.0504.2151.37420)
CCC Help Korean (x32 Version: 2010.0504.2151.37420)
CCC Help Norwegian (x32 Version: 2010.0504.2151.37420)
CCC Help Polish (x32 Version: 2010.0504.2151.37420)
CCC Help Portuguese (x32 Version: 2010.0504.2151.37420)
CCC Help Russian (x32 Version: 2010.0504.2151.37420)
CCC Help Spanish (x32 Version: 2010.0504.2151.37420)
CCC Help Swedish (x32 Version: 2010.0504.2151.37420)
CCC Help Thai (x32 Version: 2010.0504.2151.37420)
CCC Help Turkish (x32 Version: 2010.0504.2151.37420)
ccc-core-static (x32 Version: 2010.0504.2152.37420)
ccc-utility64 (Version: 2010.0504.2152.37420)
CCleaner (Version: 4.08)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1) CorelDRAW Graphics Suite X5 (x32 Version: 15.2) CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661) CyberLink YouCam (x32 Version: 2.0.3911) Daycare Nightmare (x32) Easy Content Share (x32 Version: 1.0.0.13) Easy Display Manager (x32 Version: 3.1) Easy Network Manager (x32 Version: 4.3.1) Easy SpeedUp Manager (x32 Version: 2.1.0.11) EasyBatteryManager (x32 Version: 4.0.0.4) EasyFileShare (x32 Version: 1.0.3) ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0) FileZilla Client 3.5.0 (x32 Version: 3.5.0) Flip Words (x32) Free Audio CD Burner version 1.4.7 (x32) Galapago (x32) Game Pack (x32 Version: 6.3.1.1) Gem Shop (x32) HiJackThis (x32 Version: 1.0.0) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1) Insaniquarium Deluxe (x32) Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002) IrfanView (remove only) (x32 Version: 4.30) iTunes (Version: 10.5.2.11) LibreOffice 3.3 (x32 Version: 3.3.401) Mahjong Escape Ancient China (x32) Marvell Miniport Driver (x32 Version: 11.22.3.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft PowerPoint Viewer 
(x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) OpenOffice.org 3.4 (x32 Version: 3.4.9590) PhotoStage Slideshow Producer (x32) Picasa 3 (x32 Version: 3.9) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083) REALTEK Wireless LAN Software (x32 Version: 0133.09.1202) Samsung Kies (x32 Version: 2.2.0.12014_18) Samsung Recovery Solution 4 (x32 Version: 4.0.0.6) Samsung Support Center (x32 Version: 1.0.2) Samsung Update Plus (x32 Version: 2.0) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 5.10 (x32 Version: 5.10.116) 
Spotify (HKCU Version: 0.9.6.72.ge389c074) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) User Guide (x32 Version: 1.0) Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) ==================== Restore Points ========================= 04-12-2013 22:27:54 Windows Update 05-12-2013 07:57:31 Windows Update 05-12-2013 15:06:00 Installed SpyHunter 06-12-2013 09:04:52 Installed HiJackThis 06-12-2013 15:03:14 Removed Atheros Client Installation Program 06-12-2013 15:05:47 Removed HiJackThis 06-12-2013 15:08:03 Removed Bonjour 07-12-2013 14:12:52 Removed SpyHunter 07-12-2013 14:16:14 Removed Java(TM) 6 Update 22 ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-12-07 15:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {100C4F02-D9E2-403A-A907-64348E952739} - System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe 
[2011-01-27] () Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] () Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics) Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.) Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.) 
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation) Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.) Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-08 10:08 - 2013-12-08 10:08 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll 2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2013-11-18 15:25 - 2013-11-18 15:25 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 8cc Startzeit: 01cef28dc866f07f Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator Error: (12/06/2013 10:36:29 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator System errors: ============= Error: (12/08/2013 10:08:53 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. 
Error: (12/07/2013 03:55:12 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (12/07/2013 03:53:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/07/2013 03:50:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (12/07/2013 03:42:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/07/2013 03:42:51 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (12/07/2013 03:40:21 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (12/07/2013 03:38:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243 Microsoft Office Sessions: ========================= Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: 
Coordinator Error: (12/06/2013 10:36:29 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator CodeIntegrity Errors: =================================== Date: 2013-12-07 15:53:11.615 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:53:11.412 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:53:11.210 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-12-07 15:53:11.007 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:32:48.006 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:32:47.819 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3946.18 MB Available physical RAM: 2386.25 MB Total Pagefile: 7890.54 MB Available Pagefile: 5923.82 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:179 GB) (Free:100.11 GB) NTFS Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended) ==================== End Of Log ============================
Kind regards and have a nice Sunday! |
08.12.2013, 21:46 | #8 |
Rest in Peace † 2019 | Nationzoom virus, what can I do? Hello Paula, very good, thank you.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
C:\Program Files\Enigma Software Group
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
C:\Users\Paula\Documents\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\BrowserCompanion
C:\Users\Paula\AppData\Roaming\BrowserCompanion
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop. SystemLook (64 bit)
Step 3
Start FRST once more.
|
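Added example, not code from the thread or from FRST: a small Python parser for the browser-setting lines in the fixlist above that flags any whose URL points at a host outside an allowlist the reader supplies, which is the check a helper makes when reading an FRST log. The allowlist and the sample lines are constructed for this illustration (the uid parameter FRST showed is left out).

```python
"""Parse FRST browser-setting lines and flag URLs on untrusted hosts."""
import re
from urllib.parse import urlparse

# FRST line layouts seen in the fixlist above:
#   HKLM\...\Main,Start Page = hxxp://...                       (IE home/search page)
#   SearchScopes: HKLM - DefaultScope {GUID} URL = hxxp://...   (search provider)
#   StartMenuInternet: IEXPLORE.EXE - C:\...\iexplore.exe hxxp://...
#   (a URL appended to the browser's start-menu command, so it opens on every launch)
IE_MAIN_RE = re.compile(
    r"^(?P<where>HK(?:LM|CU)\\[^,]+),(?P<setting>[^=]+?)\s*=\s*(?P<url>\S+)$")
SCOPE_RE = re.compile(
    r"^SearchScopes:\s*(?P<where>\S+)\s*-\s*(?P<setting>.*?)\s*URL\s*=\s*(?P<url>\S+)$")
STARTMENU_RE = re.compile(
    r"^StartMenuInternet:\s*(?P<where>\S+)\s*-\s*(?P<setting>.*?)\s+(?P<url>(?:hxxp|http)s?://\S+)$")


def url_host(url: str) -> str:
    """Return the lowercase hostname; logs defang URLs as hxxp://, so undo that first."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlparse(url).hostname or "").lower()


def parse_browser_setting(line: str):
    """Return {where, setting, url, host} for a browser-setting line, else None."""
    for pattern in (IE_MAIN_RE, SCOPE_RE, STARTMENU_RE):
        m = pattern.match(line.strip())
        if m:
            return {
                "where": m.group("where"),
                "setting": m.group("setting").strip(),
                "url": m.group("url"),
                "host": url_host(m.group("url")),
            }
    return None


def find_hijacked(lines, trusted_hosts):
    """Return the parsed settings whose host is not in trusted_hosts (case-insensitive)."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for line in lines:
        entry = parse_browser_setting(line)
        if entry and entry["host"] and entry["host"] not in trusted:
            findings.append(entry)
    return findings


# Constructed sample lines in the layout of the fixlist above (the uid
# parameter FRST printed is left out; it carried the disk serial number).
SAMPLE_LINES = [
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&q={searchTerms}",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157",
    r"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs",
    r"SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&q={searchTerms}",
    r"SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&q={searchTerms}",
    r"StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs",
    r"S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()",
]

# Hosts the reader treats as legitimate defaults (an assumption for this sample).
TRUSTED_HOSTS = {"go.microsoft.com", "www.bing.com", "www.google.com"}

if __name__ == "__main__":
    for f in find_hijacked(SAMPLE_LINES, TRUSTED_HOSTS):
        print(f"{f['host']:<22} {f['where']} / {f['setting']}")
```

Lines that are not browser settings (the service entry, plain file paths) are skipped, so the same function can be run over a whole FRST.txt.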
08.12.2013, 22:41 | #9 |
| Nationzoom virus, what can I do? Hello Sandra! Here are the files. To me they are hieroglyphics. I cannot say enough how grateful I am that you are helping me with my problem! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 02 Ran by Paula at 2013-12-08 22:27:11 Run:1 Running from C:\Users\Paula\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () C:\Program Files\Enigma Software Group C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
C:\Users\Paula\Documents\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\BrowserCompanion
C:\Users\Paula\AppData\Roaming\BrowserCompanion
*****************

EsgScanner => Service not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Paula\Documents\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
"C:\Program Files (x86)\BrowserCompanion" => File/Directory not found.
C:\Users\Paula\AppData\Roaming\BrowserCompanion => Moved successfully.

==== End of Fixlog ====

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:28 on 08/12/2013 by Paula
Administrator - Elevation successful

========== filefind ==========

Searching for "*nationzoom*"
C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml    --a---- 574 bytes    [18:20 03/12/2013]    [18:20 03/12/2013] 6DAEC184708D3DD70D6626BB0FDFABE0
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\INUQQURU\nationzoom-com-2-entfernen[1].htm    --a---- 23028 bytes    [15:11 06/12/2013]    [15:11 06/12/2013] C6C305DE58B8DABF2F34573CEA8766AD
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V7GZTTVN\145703-nationzoom-virus-tun[1].htm    --a---- 269825 bytes    [21:22 08/12/2013]    [21:22 08/12/2013] 55E5635C9FD2D88E4D1B10E1CF76F21E
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V7GZTTVN\nationzoom-virus-tun_ltr[1].gif    --a---- 1035 bytes    [15:22 06/12/2013]    [15:22 06/12/2013] 279A7CCAE1D652E0EB03D9FB5B067B16
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm    --a---- 63336 bytes    [14:52 06/12/2013]    [14:52 06/12/2013] 85B7B04AC975D291235F2209B61C3FEF
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml    --a---- 13 bytes    [14:52 06/12/2013]    [14:52 06/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*skytech*"
No files found.

========== folderfind ==========

Searching for "*nationzoom*"
No folders found.

Searching for "*skytech*"
No folders found.

========== regfind ==========

Searching for "*nationzoom*"
No data found.

Searching for "*skytech*"
No data found.

========== process ==========

baofeng.exe - Unable to open process handle.

-= EOF =-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 02
Ran by Paula (administrator) on PAULA-PC on 08-12-2013 22:33:41
Running from C:\Users\Paula\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\Rezip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196

FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX

Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:25 - 2013-12-08 22:27 - 01927772 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 10:30 - 2013-12-08 10:31 - 00026939 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 16:14 - 2013-12-08 22:34 - 00012915 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-08 22:27 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-08 22:16 - 00000392 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-07 15:54 - 00003036 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-08 22:34 - 2013-12-07 16:14 - 00012915 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:27 - 2013-12-08 22:25 - 01927772 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:27 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-08 22:25 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 22:25 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 22:24 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-12-08 22:21 - 2010-06-01 02:03 - 01458752 _____ C:\Windows\WindowsUpdate.log
2013-12-08 22:16 - 2013-12-07 09:26 - 00000392 _____ C:\Windows\setupact.log
2013-12-08 22:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-08 19:24 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-08 19:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 10:31 - 2013-12-08 10:30 - 00026939 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:54 - 2013-12-07 09:24 - 00003036 _____ C:\Windows\PFRO.log
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-01 18:18

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 02 Ran by Paula at 2013-12-08 22:35:06 Running from C:\Users\Paula\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Akamai NetSession Interface (HKCU) Akamai NetSession Interface Service (x32) Alice Greenfingers (x32) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.774.0) Avira Free Antivirus (x32 Version: 14.0.1.759) BatteryLifeExtender (x32 Version: 1.0.3) Broadcom 802.11 Network Adapter (Version: 5.60.48.44) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420) Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420) Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420) CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420) CCC Help Chinese 
Traditional (x32 Version: 2010.0504.2151.37420) CCC Help Czech (x32 Version: 2010.0504.2151.37420) CCC Help Danish (x32 Version: 2010.0504.2151.37420) CCC Help Dutch (x32 Version: 2010.0504.2151.37420) CCC Help English (x32 Version: 2010.0504.2151.37420) CCC Help Finnish (x32 Version: 2010.0504.2151.37420) CCC Help French (x32 Version: 2010.0504.2151.37420) CCC Help German (x32 Version: 2010.0504.2151.37420) CCC Help Greek (x32 Version: 2010.0504.2151.37420) CCC Help Hungarian (x32 Version: 2010.0504.2151.37420) CCC Help Italian (x32 Version: 2010.0504.2151.37420) CCC Help Japanese (x32 Version: 2010.0504.2151.37420) CCC Help Korean (x32 Version: 2010.0504.2151.37420) CCC Help Norwegian (x32 Version: 2010.0504.2151.37420) CCC Help Polish (x32 Version: 2010.0504.2151.37420) CCC Help Portuguese (x32 Version: 2010.0504.2151.37420) CCC Help Russian (x32 Version: 2010.0504.2151.37420) CCC Help Spanish (x32 Version: 2010.0504.2151.37420) CCC Help Swedish (x32 Version: 2010.0504.2151.37420) CCC Help Thai (x32 Version: 2010.0504.2151.37420) CCC Help Turkish (x32 Version: 2010.0504.2151.37420) ccc-core-static (x32 Version: 2010.0504.2152.37420) ccc-utility64 (Version: 2010.0504.2152.37420) CCleaner (Version: 4.08) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661) Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661) CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2) 
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0) CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2) CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1) CorelDRAW Graphics Suite X5 (x32 Version: 15.2) CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661) CyberLink YouCam (x32 Version: 2.0.3911) Daycare Nightmare (x32) Easy Content Share (x32 Version: 1.0.0.13) Easy Display Manager (x32 Version: 3.1) Easy Network Manager (x32 Version: 4.3.1) Easy SpeedUp Manager (x32 Version: 2.1.0.11) EasyBatteryManager (x32 Version: 4.0.0.4) EasyFileShare (x32 Version: 1.0.3) ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0) FileZilla Client 3.5.0 (x32 Version: 3.5.0) Flip Words (x32) Free Audio CD Burner version 1.4.7 (x32) Galapago (x32) Game Pack (x32 Version: 6.3.1.1) Gem Shop (x32) HiJackThis (x32 Version: 1.0.0) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1) Insaniquarium Deluxe (x32) Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002) IrfanView (remove only) (x32 Version: 4.30) iTunes (Version: 10.5.2.11) LibreOffice 3.3 (x32 Version: 3.3.401) Mahjong Escape Ancient China (x32) Marvell Miniport Driver (x32 Version: 11.22.3.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft PowerPoint Viewer 
(x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) OpenOffice.org 3.4 (x32 Version: 3.4.9590) PhotoStage Slideshow Producer (x32) Picasa 3 (x32 Version: 3.9) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083) REALTEK Wireless LAN Software (x32 Version: 0133.09.1202) Samsung Kies (x32 Version: 2.2.0.12014_18) Samsung Recovery Solution 4 (x32 Version: 4.0.0.6) Samsung Support Center (x32 Version: 1.0.2) Samsung Update Plus (x32 Version: 2.0) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 5.10 (x32 Version: 5.10.116) 
Spotify (HKCU Version: 0.9.6.81.gd359a796) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) User Guide (x32 Version: 1.0) Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69) Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) ==================== Restore Points ========================= 04-12-2013 22:27:54 Windows Update 05-12-2013 07:57:31 Windows Update 05-12-2013 15:06:00 Installed SpyHunter 06-12-2013 09:04:52 Installed HiJackThis 06-12-2013 15:03:14 Removed Atheros Client Installation Program 06-12-2013 15:05:47 Removed HiJackThis 06-12-2013 15:08:03 Removed Bonjour 07-12-2013 14:12:52 Removed SpyHunter 07-12-2013 14:16:14 Removed Java(TM) 6 Update 22 ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-12-07 15:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {100C4F02-D9E2-403A-A907-64348E952739} - System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe 
[2011-01-27] () Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] () Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics) Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.) Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.) 
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation) Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.) Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2013-12-08 10:08 - 2013-12-08 10:08 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/08/2013 06:49:32 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 160c Startzeit: 01cef41a3d4f84d2 Endzeit: 28 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 8cc Startzeit: 01cef28dc866f07f Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator System errors: ============= Error: (12/08/2013 10:17:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/08/2013 10:17:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Application Virtualization Client" ist vom Dienst "Application Virtualization Service Agent" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (12/08/2013 10:17:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Application Virtualization Service Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/08/2013 10:17:25 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst 
Application Virtualization Service Agent erreicht. Error: (12/08/2013 07:24:20 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (12/08/2013 10:08:53 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (12/07/2013 03:55:12 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht. Error: (12/07/2013 03:53:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Microsoft Office Sessions: ========================= Error: (12/08/2013 06:49:32 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.16736160c01cef41a3d4f84d228C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2013 10:36:30 AM) (Source: VSS)(User: ) Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: Q:\ Ausführungskontext: Coordinator CodeIntegrity Errors: =================================== Date: 2013-12-07 15:53:11.615 Description: Windows konnte die Abbildintegrität der Datei 
"\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:53:11.412 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:53:11.210 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:53:11.007 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:32:48.006 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-07 15:32:47.819 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3946.18 MB Available physical RAM: 2381.03 MB Total Pagefile: 7890.54 MB Available Pagefile: 6028.71 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:179 GB) (Free:99.44 GB) NTFS Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended) ==================== End Of Log ============================ Paula |
09.12.2013, 10:46 | #10 |
Rest in Peace † 2019 | Nationzoom virus, what can I do?
Hello Paula,
Quote:
Your logs already look a lot better. How are your browsers doing, has nationzoom disappeared? How is your computer running now?

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Please download Malwarebytes Anti-Malware
Step 3
Since the scan with ESET is very thorough, it can take several hours under some circumstances. ESET Online Scanner
Step 4
Run FRST once more.
|
09.12.2013, 14:07 | #11 |
| Nationzoom virus, what can I do? The computer already runs sooo much more smoothly. No windows pop up while surfing any more either, and in general it no longer gets so hot. But Nationzoom is still there. Here are the files: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 03
Ran by Paula at 2013-12-09 11:17:19 Run:3
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml
*****************

"C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml" => not found.
"C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm" => File/Directory not found.
"C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml" => File/Directory not found.

==== End of Fixlog ====
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Paula :: PAULA-PC [Administrator]

Schutz: Aktiviert

09.12.2013 11:21:48
mbam-log-2013-12-09 (11-21-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213864
Laufzeit: 6 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
FRST follows shortly. Here it is:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03 Ran by Paula (administrator) on PAULA-PC on 09-12-2013 14:09:43 Running from C:\Users\Paula\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Windows\SysWOW64\Rezip.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] () HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196 FireFox: ======== FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default FF user.js: detected! 
=> C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js FF NewTab: about:blank FF DefaultSearchEngine: Search By ZoneAlarm FF SelectedSearchEngine: Search By ZoneAlarm FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4 CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&" CHR DefaultSearchProvider: Search By ZoneAlarm CHR DefaultSearchURL: 
hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& CHR DefaultSuggestURL: "suggest_url" : "" CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0 ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () ==================== Drivers (Whitelisted) ==================== S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-09 11:38 - 2013-12-09 11:38 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe 2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-09 11:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt 2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe 2013-12-08 22:27 - 2013-12-09 11:15 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion 2013-12-08 22:25 - 2013-12-09 11:15 - 01927998 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe 2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt 2013-12-08 10:30 - 2013-12-08 22:35 - 00026375 _____ 
C:\Users\Paula\Desktop\Addition.txt 2013-12-07 16:14 - 2013-12-09 14:09 - 00013968 _____ C:\Users\Paula\Desktop\FRST.txt 2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt 2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe 2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt 2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox 2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt 2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe 2013-12-07 09:42 - 2013-12-09 11:15 - 00000000 ____D C:\FRST 2013-12-07 09:26 - 2013-12-09 11:31 - 00000560 _____ C:\Windows\setupact.log 2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log 2013-12-07 09:24 - 2013-12-09 11:31 - 00006500 _____ C:\Windows\PFRO.log 2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint 2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk 2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D 
C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi 2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner 2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe 2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe 2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat 2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun 2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM 2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls 2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp 2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp 2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ 2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj 2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp 2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp 2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\crypt32.dll 2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= 2013-12-09 14:10 - 2013-12-07 16:14 - 00013968 _____ C:\Users\Paula\Desktop\FRST.txt 2013-12-09 14:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-09 13:54 - 2010-06-01 02:03 - 01550019 _____ C:\Windows\WindowsUpdate.log 2013-12-09 13:24 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518} 2013-12-09 11:39 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-09 11:39 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-09 11:38 - 2013-12-09 11:38 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe 2013-12-09 11:31 - 2013-12-07 09:26 - 00000560 _____ C:\Windows\setupact.log 2013-12-09 11:31 - 2013-12-07 09:24 - 00006500 _____ C:\Windows\PFRO.log 2013-12-09 11:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes 
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-09 11:15 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion 2013-12-09 11:15 - 2013-12-08 22:25 - 01927998 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe 2013-12-09 11:15 - 2013-12-07 09:42 - 00000000 ____D C:\FRST 2013-12-08 22:35 - 2013-12-08 10:30 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt 2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt 2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe 2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt 2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula 2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify 2013-12-08 19:24 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client 2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify 2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt 2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe 2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt 2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox 2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt 2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe 2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log 2013-12-06 16:09 - 2011-07-20 
22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft 2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat 2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat 2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO 2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM 2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk 2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint 2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi 2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla 2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing 2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump 2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther 2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner 2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe 2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat 2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp 2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack 2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun 2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe 2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype 2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls 2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp 2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai 2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon 2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp 2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp 2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ 2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj 2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013 2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium 2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp 2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Paula\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
==================== End Of Log ============================
Best regards!! Edit: Could it be that I forgot to send the file from ESET? Now I have the problem that I have already deleted ESET, and with it the file as well. What should I do now? Paula and technology *headshake* Last edited by Paula123 (09.12.2013 at 14:30) |
09.12.2013, 22:44 | #12 |
Rest in peace † 2019 | Nationzoom virus, what can I do? Hello Paula, given the nature of your infections I would like to ask you to run the ESET scan once more. How do your browsers behave after the following step? Step 1 Please download Shortcut Cleaner (by Grinler) to your desktop.
Step 2 Since the scan with ESET is very thorough, it may take several hours. ESET Online Scanner
Step 3 Run FRST once more.
|
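The checks behind the steps above (hijacked browser shortcuts, and browser start/search settings that still point at an unwanted host) can be scripted as a triage pass over the log formats this thread uses. The following Python script is an added example and is not code from Shortcut Cleaner, FRST or the forum; the browser list, the allowlist of trusted hosts and the sample log lines are constructed assumptions modelled on the output shapes shown in this thread.

```python
"""Browser-hijack triage over Shortcut Cleaner / FRST style log lines.

Added example; not code from Shortcut Cleaner, FRST or trojaner-board.
Two checks:
  1. a shortcut whose target is a browser executable must not carry a URL
     argument (that is what a hijacked .lnk looks like in Shortcut Cleaner output);
  2. a browser start page / search scope / homepage whose host is not on an
     allowlist of expected defaults is reported for review.
"""
import re
from urllib.parse import urlparse

# Browser executables whose shortcuts normally carry no URL (assumption).
BROWSER_EXES = {"iexplore.exe", "firefox.exe", "chrome.exe"}

# Constructed allowlist of hosts a browser may legitimately start with;
# tune per environment before relying on it.
TRUSTED_HOSTS = {"www.google.de", "www.google.com", "www.bing.com", "www.mozilla.org"}

# Forum posts defang URLs as hxxp://; accept both defanged and live forms.
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"']+", re.IGNORECASE)

# ".lnk => target.exe [arguments]" as printed by Shortcut Cleaner.
SHORTCUT_RE = re.compile(
    r"^(?:\* Shortcut Cleaned: )?(?P<lnk>.+?\.lnk) => (?P<target>.+?\.exe)(?: (?P<args>.+))?$",
    re.IGNORECASE,
)

# FRST "Internet" section keys whose values are start/search URLs.
SETTING_PREFIXES = (
    "FF Homepage", "FF NewTab", "CHR HomePage", "CHR RestoreOnStartup",
    "CHR DefaultSearchURL", "SearchScopes:",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Start Page",
)


def host_of(url):
    """Lower-cased hostname of a (possibly defanged) URL."""
    live = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlparse(live).hostname or "").lower()


def check_shortcut(line):
    """Finding tuple if a browser shortcut carries a URL argument, else None."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    exe = m.group("target").rsplit("\\", 1)[-1].lower()
    if exe not in BROWSER_EXES:
        return None
    urls = URL_RE.findall(m.group("args") or "")
    if not urls:
        return None
    return ("shortcut", m.group("lnk"), host_of(urls[0]))


def check_setting(line):
    """Finding tuples for browser settings that point at untrusted hosts."""
    text = line.strip()
    if not text.startswith(SETTING_PREFIXES):
        return []
    # The key is everything before the value separator; SearchScopes uses " URL =".
    if text.startswith("SearchScopes:"):
        key = text.split(" URL =", 1)[0]
    elif " = " in text:
        key = text.split(" = ", 1)[0]
    else:
        key = text.split(":", 1)[0]
    findings = []
    for url in URL_RE.findall(text):
        host = host_of(url)
        if host and host not in TRUSTED_HOSTS:
            findings.append(("setting", key, host))
    return findings


def triage(lines):
    """Run both checks over log lines; returns a list of (kind, where, host)."""
    findings = []
    for line in lines:
        hit = check_shortcut(line)
        if hit:
            findings.append(hit)
            continue
        findings.extend(check_setting(line))
    return findings


# Constructed sample in the formats seen in this thread (not a real log).
SAMPLE_LOG = r"""
* Shortcut Cleaned: C:\Users\Paula\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs
* Shortcut Cleaned: C:\Users\Paula\Desktop\Editor.lnk => C:\Windows\notepad.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Homepage: hxxp://www.google.de/
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
"""

if __name__ == "__main__":
    for kind, where, host in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:9} {host:28} {where}")
```

On the sample, the Firefox shortcut, the ZoneAlarm search scope and the Chrome homepage are reported; the empty search scope, about:blank and the google.de homepage are not.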
10.12.2013, 10:33 | #13 |
| Nationzoom virus, what can I do? Hello Sandra! Here are the files. Code:
More Information about Shortcut Cleaner can be found at this link: hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 12/10/2013 08:01:42 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Public\Desktop\
* Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Paula\Desktop
7 bad shortcuts found.
Program finished at: 12/10/2013 08:01:49 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a4313fd05f7cd40b9dc4e6f9f7931d8
# engine=16202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-10 09:29:25
# local_time=2013-12-10 10:29:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 9672 157339070 6050 0
# compatibility_mode=5893 16776573 100 94 9473 138297615 0 0
# scanned=190857
# found=5
# cleaned=0
# scan_time=8578
sh=4292DD35D8E102F2D3575BAFE421DAB3F9FEA2FD ft=1 fh=eea2cb929fff650f vn="a variant of Win32/Kryptik.BQIL trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Paula\AppData\Roaming\Opkiga\ahci.exe.vir"
sh=EB612CEE1AE09C0C1B59D8C821558F4E981D7695 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.L trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4775ce59-51d2aa18"
sh=AFA348F989F09BE9DD604B75723E7ADC74A72C92 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7950f419-1cfaed38"
sh=BC3F94F605C9D4649552410AFC4206D635A7E694 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\35f60a1e-772ede87"
sh=EB612CEE1AE09C0C1B59D8C821558F4E981D7695 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.L trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\289bade0-1a548957"
FRST follows right away. Here it is: Code:
ATTFilter ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Windows\SysWOW64\Rezip.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () Q:\140066.deu\Office14\WINWORDC.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () Q:\140066.deu\Office14\OffSpon.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) 
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] () HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. 
KG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196 FireFox: ======== FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default FF user.js: detected! 
=> C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js FF NewTab: about:blank FF DefaultSearchEngine: Search By ZoneAlarm FF SelectedSearchEngine: Search By ZoneAlarm FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4 CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&" CHR DefaultSearchProvider: Search By ZoneAlarm CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& CHR DefaultSuggestURL: "suggest_url" : "" CHR Extension: 
(SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0 ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () ==================== Drivers (Whitelisted) ==================== S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider) S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-10 08:04 - 2013-12-10 08:04 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe 2013-12-10 08:02 - 2013-12-10 08:02 - 00005724 _____ C:\Users\Paula\Desktop\sc-cleaner.txt 2013-12-10 08:01 - 2013-12-10 08:01 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Paula\Desktop\sc-cleaner.exe 2013-12-10 08:01 - 2013-12-10 08:01 - 00005724 _____ C:\sc-cleaner.txt 2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-09 11:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt 2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe 2013-12-08 22:27 - 2013-12-10 10:34 - 00000000 ____D 
C:\Users\Paula\Desktop\FRST-OlderVersion 2013-12-08 22:25 - 2013-12-10 10:34 - 01927982 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe 2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt 2013-12-08 10:30 - 2013-12-08 22:35 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt 2013-12-07 16:14 - 2013-12-10 10:35 - 00012971 _____ C:\Users\Paula\Desktop\FRST.txt 2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt 2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe 2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt 2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox 2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt 2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe 2013-12-07 09:42 - 2013-12-10 10:34 - 00000000 ____D C:\FRST 2013-12-07 09:26 - 2013-12-10 07:42 - 00000616 _____ C:\Windows\setupact.log 2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log 2013-12-07 09:24 - 2013-12-09 11:31 - 00006500 _____ C:\Windows\PFRO.log 2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO 2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D 
C:\ProgramData\CheckPoint 2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi 2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner 2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe 2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe 2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe 2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat 2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun 2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM 2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls 2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp 2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp 2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ 2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj 2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp 2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp 2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 21:45 
- 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 21:45 - 2013-10-12 06:15 - 
00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft 
Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-10 10:36 - 2013-12-07 16:14 - 00012971 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-10 10:34 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-10 10:34 - 2013-12-08 22:25 - 01927982 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-10 10:34 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-10 10:25 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-10 10:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 08:04 - 2013-12-10 08:04 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe
2013-12-10 08:02 - 2013-12-10 08:02 - 00005724 _____ C:\Users\Paula\Desktop\sc-cleaner.txt
2013-12-10 08:01 - 2013-12-10 08:01 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Paula\Desktop\sc-cleaner.exe
2013-12-10 08:01 - 2013-12-10 08:01 - 00005724 _____ C:\sc-cleaner.txt
2013-12-10 08:01 - 2011-02-21 22:06 - 00001943 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-10 08:01 - 2011-01-25 18:57 - 00001425 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-10 07:52 - 2010-06-01 02:03 - 01707077 _____ C:\Windows\WindowsUpdate.log
2013-12-10 07:52 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 07:52 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 07:42 - 2013-12-07 09:26 - 00000616 _____ C:\Windows\setupact.log
2013-12-10 07:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 22:52 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-09 19:16 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-09 19:13 - 2012-08-18 18:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 19:13 - 2010-06-01 02:12 - 00000000 ____D C:\ProgramData\Skype
2013-12-09 11:31 - 2013-12-07 09:24 - 00006500 _____ C:\Windows\PFRO.log
2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 22:35 - 2013-12-08 10:30 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-01 18:18

Internet Explorer now opens with about:blank as its start page; Firefox opens with the following start page: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& Best regards! Last edited by Paula123 (10.12.2013 at 10:42) |
10.12.2013, 10:50 | #15 |
| Nationzoom virus, what can I do? Hello! So: Internet Explorer now opens with about:blank as its start page; Firefox opens with the following start page: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& EDIT: I have now been able to set Google as the start page again in both browsers. Nationzoom is gone *cheers* Best regards and many thanks Last edited by Paula123 (10.12.2013 at 11:03) |