| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nationzoom-Virus, was kann ich tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.12.2013, 16:22
| #1 |
 |  Nationzoom-Virus, was kann ich tun? Hallo! Seid ein paar Tagen ist mein PC total langsam. Wenn ich im Internet surfe (ganz gleich ob mit IE oder Firefox) kommt als Startseite immer Nationzoom. Ich habe schon versucht die Browsereinstellungen zu ändern, aber irgendwie hilft das nichts. Gleichzeitig kommen beim Surfen ständig nervige Pop-Ups, es öffnen sich Werbefenster und generell ist die Surfgeschwindigkeit sehr langsam. Mein PC läuft regelrecht heiß und schaltet sich sogar ab und an von selbst aus. Antivir erkennt keine schädliche Software auf meinem PC. Ich habe dann Spyhunter in der Testversion heruntergeladen, diese Software meldet mir 68 Funde. Allerdings wurde ich vor der Bereinigung aufgefordert mir die Vollversion zu kaufen. Jetzt habe ich im Internet gelesen, dass Spyhunter selbst nicht vertrauenswürdig ist und die Vollversion überhaupt nichts bringen würde. Was kann ich jetzt tun? Anzumerken ist, dass ich wirklich überhaupt keine Ahnung von Viren&co habe und in Sachen PC generell sehr unerfahren bin. 7 Liebe Grüße und schonmal vielen Dank! Paula |
|
06.12.2013, 20:07
| #2 |
| Ruhe in Frieden † 2019     | Nationzoom-Virus, was kann ich tun? Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Ich bedanke mich für deine Geduld 
__________________ |
|
07.12.2013, 09:47
| #3 |
| | Nationzoom-Virus, was kann ich tun? schonmal vielen vielen Dank!
__________________Hier die Dateien FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 01
Ran by Paula (administrator) on PAULA-PC on 07-12-2013 09:42:26
Running from C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MV5O73C
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Uvyxs] - C:\Users\Paula\AppData\Roaming\Nyseym\ziuh.exe
HKCU\...\Run: [Uhowavi] - C:\Users\Paula\AppData\Roaming\Apypsa\yqapv.exe
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3457901039-3679683318-3372754741-1000\$4b97f9d624886571a1f7b11ec061ee59\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()
AppInit_DLLs-x32: [ ] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196
FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Chrome:
=======
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-07 09:26 - 00000056 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-07 09:24 - 00001938 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00003326 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-12-05 16:07 - 2013-12-05 16:07 - 00002258 _____ C:\Users\Paula\Desktop\SpyHunter.lnk
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\sh4ldr
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 16:07 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-12-05 16:05 - 2013-12-05 16:07 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Opkiga
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Luuwu
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Exenoh
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:21 - 2013-12-06 16:02 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-03 19:21 - 2013-12-05 09:29 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:42 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 09:42 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 09:36 - 2010-06-01 02:03 - 01253661 _____ C:\Windows\WindowsUpdate.log
2013-12-07 09:35 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-07 09:26 - 2013-12-07 09:26 - 00000056 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 09:24 - 2013-12-07 09:24 - 00001938 _____ C:\Windows\PFRO.log
2013-12-07 09:24 - 2012-07-25 11:49 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
2013-12-07 00:27 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 00:27 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2012-07-25 11:49 - 00000000 ____D C:\Users\Paula\AppData\Roaming\BrowserCompanion
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:02 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00003326 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-12-05 16:07 - 2013-12-05 16:07 - 00002258 _____ C:\Users\Paula\Desktop\SpyHunter.lnk
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\sh4ldr
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 16:07 - 2013-12-05 16:05 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-05 09:29 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Opkiga
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Luuwu
2013-12-03 22:19 - 2013-12-03 22:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Exenoh
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-12-01 15:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-26 20:51 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-26 18:17 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-24 12:32 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3457901039-3679683318-3372754741-1000\$4b97f9d624886571a1f7b11ec061ee59
Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe
C:\Users\Paula\AppData\Local\Temp\SHSetup.exe
C:\Users\Paula\AppData\Local\Temp\vis-de.exe
C:\Users\Paula\AppData\Local\Temp\zatbSetup_110_000_064.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2013 01
Ran by Paula at 2013-12-07 09:43:18
Running from C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MV5O73C
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alice Greenfingers (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
BatteryLifeExtender (x32 Version: 1.0.3)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420)
CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420)
CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420)
CCC Help Czech (x32 Version: 2010.0504.2151.37420)
CCC Help Danish (x32 Version: 2010.0504.2151.37420)
CCC Help Dutch (x32 Version: 2010.0504.2151.37420)
CCC Help English (x32 Version: 2010.0504.2151.37420)
CCC Help Finnish (x32 Version: 2010.0504.2151.37420)
CCC Help French (x32 Version: 2010.0504.2151.37420)
CCC Help German (x32 Version: 2010.0504.2151.37420)
CCC Help Greek (x32 Version: 2010.0504.2151.37420)
CCC Help Hungarian (x32 Version: 2010.0504.2151.37420)
CCC Help Italian (x32 Version: 2010.0504.2151.37420)
CCC Help Japanese (x32 Version: 2010.0504.2151.37420)
CCC Help Korean (x32 Version: 2010.0504.2151.37420)
CCC Help Norwegian (x32 Version: 2010.0504.2151.37420)
CCC Help Polish (x32 Version: 2010.0504.2151.37420)
CCC Help Portuguese (x32 Version: 2010.0504.2151.37420)
CCC Help Russian (x32 Version: 2010.0504.2151.37420)
CCC Help Spanish (x32 Version: 2010.0504.2151.37420)
CCC Help Swedish (x32 Version: 2010.0504.2151.37420)
CCC Help Thai (x32 Version: 2010.0504.2151.37420)
CCC Help Turkish (x32 Version: 2010.0504.2151.37420)
ccc-core-static (x32 Version: 2010.0504.2152.37420)
ccc-utility64 (Version: 2010.0504.2152.37420)
CCleaner (Version: 4.08)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1)
CorelDRAW Graphics Suite X5 (x32 Version: 15.2)
CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661)
CyberLink YouCam (x32 Version: 2.0.3911)
Daycare Nightmare (x32)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.1)
Easy Network Manager (x32 Version: 4.3.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
FileZilla Client 3.5.0 (x32 Version: 3.5.0)
Flip Words (x32)
Free Audio CD Burner version 1.4.7 (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
Gem Shop (x32)
HiJackThis (x32 Version: 1.0.0)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
Insaniquarium Deluxe (x32)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 10.5.2.11)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
LibreOffice 3.3 (x32 Version: 3.3.401)
Live Security Platinum (HKCU)
Mahjong Escape Ancient China (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PhotoStage Slideshow Producer (x32)
Picasa 3 (x32 Version: 3.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Kies (x32 Version: 2.2.0.12014_18)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.116)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
SpyHunter (Version: 4.16.5.4290)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
User Guide (x32 Version: 1.0)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
==================== Restore Points =========================
04-12-2013 22:27:54 Windows Update
05-12-2013 07:57:31 Windows Update
05-12-2013 15:06:00 Installed SpyHunter
06-12-2013 09:04:52 Installed HiJackThis
06-12-2013 15:03:14 Removed Atheros Client Installation Program
06-12-2013 15:05:47 Removed HiJackThis
06-12-2013 15:08:03 Removed Bonjour
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {100C4F02-D9E2-403A-A907-64348E952739} - System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {CD43C245-75B3-4853-BE73-88B6418617A5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2013-10-18] (Enigma Software Group USA, LLC.)
Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.)
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2012-03-07 22:29 - 2012-03-07 22:29 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8cc
Startzeit: 01cef28dc866f07f
Endzeit: 25
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:29 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:26 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
System errors:
=============
Error: (12/07/2013 09:33:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/06/2013 08:55:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/06/2013 08:51:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/06/2013 08:51:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (12/06/2013 08:50:07 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 05.12.2013 um 23:46:52 unerwartet heruntergefahren.
Error: (12/05/2013 08:14:27 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (12/05/2013 04:07:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/05/2013 03:59:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/05/2013 02:59:23 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT)
Description: Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Paula-PC\Paula-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen.
Error: (12/05/2013 02:55:14 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:29 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:26 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3946.18 MB
Available physical RAM: 2353.24 MB
Total Pagefile: 7890.54 MB
Available Pagefile: 5497.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:179 GB) (Free:101.61 GB) NTFS
Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)
==================== End Of Log ============================
Liebe Grüße, Paula |
|
07.12.2013, 13:52
| #4 |
| Ruhe in Frieden † 2019 | Nationzoom-Virus, was kann ich tun? Hallo Paula, bitte speichere alle unsere Tools auf dem Desktop ab. Du hast dir da noch etwas anderes eingefangen, da müssen wir uns zuerst drum kümmern. Schritt 1 Bitte deinstalliere folgende Programme: Java 6 Update 22 SpyHunter Dazu gehe auf: den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen Schritt 2 Scan mit Combofix
Schritt 3 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Schritt 4 Starte noch einmal FRST.
|
|
07.12.2013, 16:20
| #5 | |
| | Nationzoom-Virus, was kann ich tun? Hallo! Hierschonmal die Datei von Combofix. Code:
ATTFilter ComboFix 13-12-07.01 - Paula 07.12.2013 15:44:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2479 [GMT 1:00]
ausgeführt von:: c:\users\Paula\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\Paula\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
c:\users\Paula\AppData\Roaming\Alviz\buqex.bos
c:\users\Paula\AppData\Roaming\Exenoh\aligt.pae
c:\users\Paula\AppData\Roaming\Luuwu\xauki.oxy
c:\users\Paula\AppData\Roaming\Opkiga\ahci.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-11-07 bis 2013-12-07 ))))))))))))))))))))))))))))))
.
.
2013-12-07 14:53 . 2013-12-07 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-07 08:42 . 2013-12-07 08:42 -------- d-----w- C:\FRST
2013-12-06 15:01 . 2013-12-06 15:01 -------- d-----w- c:\windows\system32\IO
2013-12-06 09:08 . 2013-12-06 09:08 -------- d-----w- c:\program files (x86)\CheckPoint
2013-12-06 09:08 . 2013-12-06 09:08 388096 ----a-r- c:\users\Paula\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-06 09:08 . 2013-12-06 09:08 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-06 09:07 . 2013-12-06 09:07 -------- d-----w- c:\programdata\CheckPoint
2013-12-06 08:33 . 2013-12-06 08:33 -------- d-----w- c:\program files\CCleaner
2013-12-06 08:00 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DBB0572-8ADE-4E78-80AA-E7EDD26D5477}\mpengine.dll
2013-12-05 18:06 . 2013-12-06 09:24 -------- d-----w- c:\users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 15:07 . 2013-12-05 15:07 -------- d-----w- c:\program files\Enigma Software Group
2013-12-05 15:05 . 2013-12-07 14:15 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-05 15:05 . 2013-12-05 15:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-12-03 18:40 . 2013-12-03 18:40 -------- d-----w- c:\windows\Sun
2013-12-03 18:21 . 2013-12-06 15:02 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-12-03 18:21 . 2013-12-05 08:29 -------- d-----w- c:\program files (x86)\Optimizer Pro
2013-12-03 18:21 . 2013-12-03 18:21 -------- d-----w- c:\users\Paula\AppData\Local\Programs
2013-12-03 18:20 . 2013-12-06 15:00 -------- d-----w- c:\programdata\WPM
2013-11-13 20:44 . 2013-10-12 08:45 1364992 ----a-w- c:\windows\system32\urlmon.dll
2013-11-13 19:40 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-05 13:56 . 2013-08-14 06:15 107416 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-26 19:41 . 2013-08-14 06:17 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-11-26 19:41 . 2013-08-14 06:15 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-26 19:41 . 2013-08-14 06:15 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-13 20:40 . 2011-01-28 22:08 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2011-01-27 16:30 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-09 20:11 . 2013-04-05 16:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 20:11 . 2011-09-26 14:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"Akamai NetSession Interface"="c:\users\Paula\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-07 21416]
"Spotify Web Helper"="c:\users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-17 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 20:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
mDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1:9421;????????????????????????????e?;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 134.93.48.210 134.93.48.196
FF - ProfilePath - c:\users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF - ExtSQL: 2013-12-06 10:24; ffxtlbr@zonealarm.com; c:\users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\extensions\ffxtlbr@zonealarm.com
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=Solo&Lan={dfltLng}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - d8436c4d000000000000ee39dfbcaca9
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16045
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1110:08
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5003
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - Solo
FF - user.js: extensions.zonealarm.instlRef - ZLN120896091084577-5003
FF - user.js: extensions.zonealarm.dfltLng -
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.4\ICQ.exe
Wow6432Node-HKCU-Run-Uvyxs - c:\users\Paula\AppData\Roaming\Nyseym\ziuh.exe
Wow6432Node-HKCU-Run-Uhowavi - c:\users\Paula\AppData\Roaming\Apypsa\yqapv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-07 16:01:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-12-07 15:01
.
Vor Suchlauf: 12 Verzeichnis(se), 108.562.767.872 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 107.830.464.512 Bytes frei
.
- - End Of File - - A0D4BACC9AA178EDE5CC08D4A4BD3649
Liebe Grüße, Paula Hier die Loggdatei von FSS. Code:
ATTFilter Farbar Service Scanner Version: 05-12-2013
Ran by Paula (administrator) on 07-12-2013 at 16:08:10
Running from "C:\Users\Paula\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Bei FRST gab es jetzt folgendes Problem: Ich habe das Programm auf meinem Rechner nicht mehr gefunden (wurde das eventuell bei dem Vorgang gelöscht?) Deshalb habe ich mir das neu runtergeladen. Wenn ich jetzt aber den SCAN durchführe, kommt immer die folgende Meldung: Zitat:
Was soll ich jetzt tun?  Ach mist, jetzt habe ich in der Aufregung auf "antworten" anstatt auf "editieren" geklickt... tut mir leid :/ Liebe Grüße und vielen Dank für die Mühe, Paula Geändert von Paula123 (07.12.2013 um 16:44 Uhr) |
|
07.12.2013, 21:04
| #6 |
| Ruhe in Frieden † 2019 | Nationzoom-Virus, was kann ich tun? Hallo Paula, lösche die FRST64.exe, dann downloade dir sie nochmal, speichere sie auf dem Desktop und versuche es nochmal, wenn das nicht geht, dann lade dir bitte OTL runter. Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Optionaler Schritt (falls FRST wieder nicht geht) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ --> Nationzoom-Virus, was kann ich tun? |
|
08.12.2013, 10:35
| #7 |
| | Nationzoom-Virus, was kann ich tun? Jetzt hat es mit FRST wieder geklappt. Paula und Technik  Hier die Logfiles: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 01
Ran by Paula (administrator) on PAULA-PC on 08-12-2013 10:29:02
Running from C:\Users\Paula\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196
FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
==================== Drivers (Whitelisted) ====================
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-08 10:28 - 2013-12-08 10:28 - 01927742 _____ (Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe
2013-12-07 16:14 - 2013-12-08 10:30 - 00015464 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:13 - 2013-12-07 16:13 - 01927514 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-08 10:08 - 00000336 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-07 15:54 - 00003036 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 16:05 - 2013-12-07 15:15 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:21 - 2013-12-06 16:02 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-03 19:21 - 2013-12-05 09:29 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-08 10:30 - 2013-12-07 16:14 - 00015464 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-08 10:28 - 2013-12-08 10:28 - 01927742 _____ (Farbar) C:\Users\Paula\Desktop\FRST64 (2).exe
2013-12-08 10:26 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-08 10:16 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 10:16 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 10:13 - 2010-06-01 02:03 - 01386662 _____ C:\Windows\WindowsUpdate.log
2013-12-08 10:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 10:08 - 2013-12-07 09:26 - 00000336 _____ C:\Windows\setupact.log
2013-12-08 10:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 19:52 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-07 19:52 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:13 - 2013-12-07 16:13 - 01927514 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:54 - 2013-12-07 09:24 - 00003036 _____ C:\Windows\PFRO.log
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 15:15 - 2013-12-05 16:05 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-07 09:42 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2012-07-25 11:49 - 00000000 ____D C:\Users\Paula\AppData\Roaming\BrowserCompanion
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:02 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 16:07 - 2013-12-05 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-05 09:29 - 2013-12-03 19:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:22 - 2013-12-03 19:22 - 00000000 ____D C:\Users\Paula\Documents\Optimizer Pro
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-24 12:32 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 01
Ran by Paula at 2013-12-08 10:30:36
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alice Greenfingers (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
BatteryLifeExtender (x32 Version: 1.0.3)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420)
CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420)
CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420)
CCC Help Czech (x32 Version: 2010.0504.2151.37420)
CCC Help Danish (x32 Version: 2010.0504.2151.37420)
CCC Help Dutch (x32 Version: 2010.0504.2151.37420)
CCC Help English (x32 Version: 2010.0504.2151.37420)
CCC Help Finnish (x32 Version: 2010.0504.2151.37420)
CCC Help French (x32 Version: 2010.0504.2151.37420)
CCC Help German (x32 Version: 2010.0504.2151.37420)
CCC Help Greek (x32 Version: 2010.0504.2151.37420)
CCC Help Hungarian (x32 Version: 2010.0504.2151.37420)
CCC Help Italian (x32 Version: 2010.0504.2151.37420)
CCC Help Japanese (x32 Version: 2010.0504.2151.37420)
CCC Help Korean (x32 Version: 2010.0504.2151.37420)
CCC Help Norwegian (x32 Version: 2010.0504.2151.37420)
CCC Help Polish (x32 Version: 2010.0504.2151.37420)
CCC Help Portuguese (x32 Version: 2010.0504.2151.37420)
CCC Help Russian (x32 Version: 2010.0504.2151.37420)
CCC Help Spanish (x32 Version: 2010.0504.2151.37420)
CCC Help Swedish (x32 Version: 2010.0504.2151.37420)
CCC Help Thai (x32 Version: 2010.0504.2151.37420)
CCC Help Turkish (x32 Version: 2010.0504.2151.37420)
ccc-core-static (x32 Version: 2010.0504.2152.37420)
ccc-utility64 (Version: 2010.0504.2152.37420)
CCleaner (Version: 4.08)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1)
CorelDRAW Graphics Suite X5 (x32 Version: 15.2)
CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661)
CyberLink YouCam (x32 Version: 2.0.3911)
Daycare Nightmare (x32)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.1)
Easy Network Manager (x32 Version: 4.3.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
FileZilla Client 3.5.0 (x32 Version: 3.5.0)
Flip Words (x32)
Free Audio CD Burner version 1.4.7 (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
Gem Shop (x32)
HiJackThis (x32 Version: 1.0.0)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
Insaniquarium Deluxe (x32)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 10.5.2.11)
LibreOffice 3.3 (x32 Version: 3.3.401)
Mahjong Escape Ancient China (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PhotoStage Slideshow Producer (x32)
Picasa 3 (x32 Version: 3.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Kies (x32 Version: 2.2.0.12014_18)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.116)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
User Guide (x32 Version: 1.0)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
==================== Restore Points =========================
04-12-2013 22:27:54 Windows Update
05-12-2013 07:57:31 Windows Update
05-12-2013 15:06:00 Installed SpyHunter
06-12-2013 09:04:52 Installed HiJackThis
06-12-2013 15:03:14 Removed Atheros Client Installation Program
06-12-2013 15:05:47 Removed HiJackThis
06-12-2013 15:08:03 Removed Bonjour
07-12-2013 14:12:52 Removed SpyHunter
07-12-2013 14:16:14 Removed Java(TM) 6 Update 22
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-12-07 15:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {100C4F02-D9E2-403A-A907-64348E952739} - System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.)
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-08 10:08 - 2013-12-08 10:08 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2013-11-18 15:25 - 2013-11-18 15:25 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8cc
Startzeit: 01cef28dc866f07f
Endzeit: 25
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:29 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
System errors:
=============
Error: (12/08/2013 10:08:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.
Error: (12/07/2013 03:55:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.
Error: (12/07/2013 03:53:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/07/2013 03:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/07/2013 03:42:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/07/2013 03:42:51 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/07/2013 03:40:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.
Error: (12/07/2013 03:38:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147467243
Microsoft Office Sessions:
=========================
Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
Error: (12/06/2013 10:36:29 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
CodeIntegrity Errors:
===================================
Date: 2013-12-07 15:53:11.615
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.412
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.210
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.007
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:32:48.006
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:32:47.819
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 3946.18 MB
Available physical RAM: 2386.25 MB
Total Pagefile: 7890.54 MB
Available Pagefile: 5923.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:179 GB) (Free:100.11 GB) NTFS
Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)
==================== End Of Log ============================
Liebe Grüße und einen schönen Sonntag! |
|
08.12.2013, 21:46
| #8 |
| Ruhe in Frieden † 2019 | Nationzoom-Virus, was kann ich tun? Hallo Paula, sehr schön, danke. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
C:\Program Files\Enigma Software Group
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
C:\Users\Paula\Documents\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\BrowserCompanion
C:\Users\Paula\AppData\Roaming\BrowserCompanion
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
Schritt 3 Starte noch einmal FRST.
|
|
08.12.2013, 22:41
| #9 |
| | Nationzoom-Virus, was kann ich tun? Hallo Sandra! Hier die Dateien. Für mich sind das Hieroglpyphen Ich kann nicht genug sagen, wie dankbar ich bin, dass Du mir bei meinem Problem hilfst! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 02
Ran by Paula at 2013-12-08 22:27:11 Run:1
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
C:\Program Files\Enigma Software Group
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX&q={searchTerms}
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml
C:\Users\Paula\Documents\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\BrowserCompanion
C:\Users\Paula\AppData\Roaming\BrowserCompanion
*****************
EsgScanner => Service not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Paula\Documents\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
"C:\Program Files (x86)\BrowserCompanion" => File/Directory not found.
C:\Users\Paula\AppData\Roaming\BrowserCompanion => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 22:28 on 08/12/2013 by Paula
Administrator - Elevation successful
========== filefind ==========
Searching for "*nationzoom*"
C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml --a---- 574 bytes [18:20 03/12/2013] [18:20 03/12/2013] 6DAEC184708D3DD70D6626BB0FDFABE0
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\INUQQURU\nationzoom-com-2-entfernen[1].htm --a---- 23028 bytes [15:11 06/12/2013] [15:11 06/12/2013] C6C305DE58B8DABF2F34573CEA8766AD
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V7GZTTVN\145703-nationzoom-virus-tun[1].htm --a---- 269825 bytes [21:22 08/12/2013] [21:22 08/12/2013] 55E5635C9FD2D88E4D1B10E1CF76F21E
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V7GZTTVN\nationzoom-virus-tun_ltr[1].gif --a---- 1035 bytes [15:22 06/12/2013] [15:22 06/12/2013] 279A7CCAE1D652E0EB03D9FB5B067B16
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm --a---- 63336 bytes [14:52 06/12/2013] [14:52 06/12/2013] 85B7B04AC975D291235F2209B61C3FEF
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml --a---- 13 bytes [14:52 06/12/2013] [14:52 06/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
Searching for "*skytech*"
No files found.
========== folderfind ==========
Searching for "*nationzoom*"
No folders found.
Searching for "*skytech*"
No folders found.
========== regfind ==========
Searching for "*nationzoom*"
No data found.
Searching for "*skytech*"
No data found.
========== process ==========
baofeng.exe - Unable to open process handle.
-= EOF =-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 02
Ran by Paula (administrator) on PAULA-PC on 08-12-2013 22:33:41
Running from C:\Users\Paula\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\Rezip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - bProtectorDefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196
FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
==================== Drivers (Whitelisted) ====================
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:25 - 2013-12-08 22:27 - 01927772 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 10:30 - 2013-12-08 10:31 - 00026939 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 16:14 - 2013-12-08 22:34 - 00012915 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-08 22:27 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-08 22:16 - 00000392 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-07 15:54 - 00003036 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-08 22:34 - 2013-12-07 16:14 - 00012915 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:27 - 2013-12-08 22:25 - 01927772 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:27 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-08 22:25 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 22:25 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 22:24 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-12-08 22:21 - 2010-06-01 02:03 - 01458752 _____ C:\Windows\WindowsUpdate.log
2013-12-08 22:16 - 2013-12-07 09:26 - 00000392 _____ C:\Windows\setupact.log
2013-12-08 22:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-08 19:24 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-08 19:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 10:31 - 2013-12-08 10:30 - 00026939 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:54 - 2013-12-07 09:24 - 00003036 _____ C:\Windows\PFRO.log
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 10:02 - 2013-12-06 10:02 - 00401752 _____ (Softonic ) C:\Users\Paula\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 02
Ran by Paula at 2013-12-08 22:35:06
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alice Greenfingers (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
BatteryLifeExtender (x32 Version: 1.0.3)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Light (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center InstallProxy (x32 Version: 2010.0504.2152.37420)
Catalyst Control Center Localization All (x32 Version: 2010.0504.2152.37420)
CCC Help Chinese Standard (x32 Version: 2010.0504.2151.37420)
CCC Help Chinese Traditional (x32 Version: 2010.0504.2151.37420)
CCC Help Czech (x32 Version: 2010.0504.2151.37420)
CCC Help Danish (x32 Version: 2010.0504.2151.37420)
CCC Help Dutch (x32 Version: 2010.0504.2151.37420)
CCC Help English (x32 Version: 2010.0504.2151.37420)
CCC Help Finnish (x32 Version: 2010.0504.2151.37420)
CCC Help French (x32 Version: 2010.0504.2151.37420)
CCC Help German (x32 Version: 2010.0504.2151.37420)
CCC Help Greek (x32 Version: 2010.0504.2151.37420)
CCC Help Hungarian (x32 Version: 2010.0504.2151.37420)
CCC Help Italian (x32 Version: 2010.0504.2151.37420)
CCC Help Japanese (x32 Version: 2010.0504.2151.37420)
CCC Help Korean (x32 Version: 2010.0504.2151.37420)
CCC Help Norwegian (x32 Version: 2010.0504.2151.37420)
CCC Help Polish (x32 Version: 2010.0504.2151.37420)
CCC Help Portuguese (x32 Version: 2010.0504.2151.37420)
CCC Help Russian (x32 Version: 2010.0504.2151.37420)
CCC Help Spanish (x32 Version: 2010.0504.2151.37420)
CCC Help Swedish (x32 Version: 2010.0504.2151.37420)
CCC Help Thai (x32 Version: 2010.0504.2151.37420)
CCC Help Turkish (x32 Version: 2010.0504.2151.37420)
ccc-core-static (x32 Version: 2010.0504.2152.37420)
ccc-utility64 (Version: 2010.0504.2152.37420)
CCleaner (Version: 4.08)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.661)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2)
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1)
CorelDRAW Graphics Suite X5 (x32 Version: 15.2)
CorelDRAW(R) Graphics Suite X5 (x32 Version: 15.2.0.661)
CyberLink YouCam (x32 Version: 2.0.3911)
Daycare Nightmare (x32)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.1)
Easy Network Manager (x32 Version: 4.3.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
FileZilla Client 3.5.0 (x32 Version: 3.5.0)
Flip Words (x32)
Free Audio CD Burner version 1.4.7 (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
Gem Shop (x32)
HiJackThis (x32 Version: 1.0.0)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
Insaniquarium Deluxe (x32)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 10.5.2.11)
LibreOffice 3.3 (x32 Version: 3.3.401)
Mahjong Escape Ancient China (x32)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PhotoStage Slideshow Producer (x32)
Picasa 3 (x32 Version: 3.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Kies (x32 Version: 2.2.0.12014_18)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.116)
Spotify (HKCU Version: 0.9.6.81.gd359a796)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
User Guide (x32 Version: 1.0)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
==================== Restore Points =========================
04-12-2013 22:27:54 Windows Update
05-12-2013 07:57:31 Windows Update
05-12-2013 15:06:00 Installed SpyHunter
06-12-2013 09:04:52 Installed HiJackThis
06-12-2013 15:03:14 Removed Atheros Client Installation Program
06-12-2013 15:05:47 Removed HiJackThis
06-12-2013 15:08:03 Removed Bonjour
07-12-2013 14:12:52 Removed SpyHunter
07-12-2013 14:16:14 Removed Java(TM) 6 Update 22
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-12-07 15:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {100C4F02-D9E2-403A-A907-64348E952739} - System32\Tasks\{B3CAFF63-E2BB-46DD-8413-8886624B9A7C} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {2224746E-5CFC-48E0-89CF-1A3AA51AEA8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BC78291-5B64-4D3C-934D-F1894BAD0787} - System32\Tasks\{5FE05CF0-3CF1-494C-A406-7B9C3C1205F8} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {3ECC68C6-E2C5-4191-96DA-AE07FF7BEDC9} - System32\Tasks\{F00A186A-630B-49A6-956C-46E3DB0A2BA2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {62A69A7F-0BDB-45D4-B4AB-A4FFA1F2D6B7} - System32\Tasks\{47F9CF17-2A0C-4179-812F-02A59A171263} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
Task: {6C77CCCD-9510-43C0-90EF-F296F4CB5443} - System32\Tasks\{96E187CA-3D74-4562-B558-F8D6DE40E38E} => C:\Users\Paula\Desktop\Downloads\avira_antivir_personal_de609.exe [2011-01-27] ()
Task: {7EE38988-AB08-4453-AA80-C802C1252B79} - System32\Tasks\{21A303CA-1074-45ED-BEDF-7DC23FB69BDF} => C:\Users\Paula\Desktop\Stufe\avira_free_antivirus_de.exe
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {94A6DB14-A166-40F1-A289-C1AB91B85AA7} - System32\Tasks\{A0D3ACA3-AF85-4C31-BBA1-56F427CC9FD1} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {B3038D87-CE94-422A-9FDC-9D893BB5CEE3} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {CD819A81-4C92-4F0E-9242-D3431D89ACF4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {D7124D21-9D3D-430E-9095-5CA5C98AB530} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-04-17] (Samsung Electronics. Co. Ltd.)
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {E0AE514E-34F8-42BF-8EF8-B6BD4BD52D96} - System32\Tasks\{27725434-10B2-41EA-843B-EB5ED3C8D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {EB8F3FFE-B076-4E82-8CB6-A2DE27366159} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {EDCACFEC-9D3B-400E-83BB-3EBCF095C234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-01 02:01 - 2010-06-01 02:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-14 07:15 - 2013-08-13 08:32 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-01 02:09 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2013-12-08 10:08 - 2013-12-08 10:08 - 00115137 _____ () C:\Users\Paula\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/08/2013 06:49:32 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 160c
Startzeit: 01cef41a3d4f84d2
Endzeit: 28
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16736 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8cc
Startzeit: 01cef28dc866f07f
Endzeit: 25
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
System errors:
=============
Error: (12/08/2013 10:17:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/08/2013 10:17:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Application Virtualization Client" ist vom Dienst "Application Virtualization Service Agent" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053
Error: (12/08/2013 10:17:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Application Virtualization Service Agent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/08/2013 10:17:25 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Service Agent erreicht.
Error: (12/08/2013 07:24:20 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/08/2013 10:08:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.
Error: (12/07/2013 03:55:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.
Error: (12/07/2013 03:53:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/07/2013 03:53:11 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
Error: (12/08/2013 06:49:32 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16736160c01cef41a3d4f84d228C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/07/2013 03:49:56 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 04:07:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/06/2013 03:37:48 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.167368cc01cef28dc866f07f25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (12/06/2013 00:58:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (12/06/2013 00:58:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2013 10:36:30 AM) (Source: VSS)(User: )
Description: Error calling CreateFile on volume '\\?\Volume{945fba9d-28a9-11e0-a498-002454c53d1b}\'0x80070005, Zugriff verweigert
Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen
Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: Q:\
Ausführungskontext: Coordinator
CodeIntegrity Errors:
===================================
Date: 2013-12-07 15:53:11.615
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.412
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.210
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:53:11.007
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:32:48.006
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-07 15:32:47.819
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 3946.18 MB
Available physical RAM: 2381.03 MB
Total Pagefile: 7890.54 MB
Available Pagefile: 6028.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:179 GB) (Free:99.44 GB) NTFS
Drive d: () (Fixed) (Total:266.66 GB) (Free:249.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)
==================== End Of Log ============================
Paula |
|
09.12.2013, 10:46
| #10 | ||
| Ruhe in Frieden † 2019 | Nationzoom-Virus, was kann ich tun? Hallo Paula, Zitat:
Zitat:
Deine Logs sehen schon sehr viel besser aus, was machen deine Browser, ist nationzoom verschwunden? Wie läuft dein Rechner jetzt? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern  ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
|
|
09.12.2013, 14:07
| #11 |
| | Nationzoom-Virus, was kann ich tun? Der Rechner läuft schon seeehr viel flüssiger. Während dem Surfen kommen auch keine Fenster mehr und er wird allgemein nicht mehr so heiß. Aber Nationzoom ist immer noch da. Hier die Dateien: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 03
Ran by Paula at 2013-12-09 11:17:19 Run:3
Running from C:\Users\Paula\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm
C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml
*****************
"C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml" => not found.
"C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0YITDJM\nationzoom_com[1].htm" => File/Directory not found.
"C:\Users\Paula\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K37UIVRI\www.nationzoom[1].xml" => File/Directory not found.
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.09.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Paula :: PAULA-PC [Administrator] Schutz: Aktiviert 09.12.2013 11:21:48 mbam-log-2013-12-09 (11-21-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213864 Laufzeit: 6 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. FRST folgt sogleich Hier ist's: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03
Ran by Paula (administrator) on PAULA-PC on 09-12-2013 14:09:43
Running from C:\Users\Paula\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196
FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
==================== Drivers (Whitelisted) ====================
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 11:38 - 2013-12-09 11:38 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe
2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 11:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-09 11:15 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:25 - 2013-12-09 11:15 - 01927998 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 10:30 - 2013-12-08 22:35 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 16:14 - 2013-12-09 14:09 - 00013968 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-09 11:15 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-09 11:31 - 00000560 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-09 11:31 - 00006500 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:05 - 2013-12-06 10:08 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:05 - 2013-12-06 10:08 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-09 14:10 - 2013-12-07 16:14 - 00013968 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-09 14:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 13:54 - 2010-06-01 02:03 - 01550019 _____ C:\Windows\WindowsUpdate.log
2013-12-09 13:24 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-09 11:39 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 11:39 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 11:38 - 2013-12-09 11:38 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe
2013-12-09 11:31 - 2013-12-07 09:26 - 00000560 _____ C:\Windows\setupact.log
2013-12-09 11:31 - 2013-12-07 09:24 - 00006500 _____ C:\Windows\PFRO.log
2013-12-09 11:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-09 11:15 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-09 11:15 - 2013-12-08 22:25 - 01927998 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-09 11:15 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-08 22:35 - 2013-12-08 10:30 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-08 19:24 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:08 - 2013-12-06 10:05 - 00002975 _____ C:\Users\Paula\Desktop\HiJackThis.lnk
2013-12-06 10:08 - 2013-12-06 10:05 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 14:50 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:20 - 2011-02-21 22:06 - 00002161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-03 19:20 - 2011-01-25 18:57 - 00001655 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten Uli Mack.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
==================== End Of Log ============================
--- --- --- --- --- --- Liebe Grüße!! Edit: Kann es sein, dass ich vergessen habe die Datei von ESET zu schicken? Jetzt habe ich das Problem, dass ich ESET ja schon gelöscht habe und die Datei ja damit auch  Was soll ich jetzt tun? Paula und Technik *kopfschüttel* Geändert von Paula123 (09.12.2013 um 14:30 Uhr) |
|
09.12.2013, 22:44
| #12 |
| Ruhe in Frieden † 2019 | Nationzoom-Virus, was kann ich tun? Hallo Paula, angesichts der Art deiner Infektionen möchte ich dich bitten den ESET-Scan nochmal auszuführen. Was machen deine Browser nach dem folgenden Schritt? Schritt 1 Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
Schritt 2 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern ESET Online Scanner
Schritt 3 Starte noch einmal FRST.
|
|
10.12.2013, 10:33
| #13 |
| | Nationzoom-Virus, was kann ich tun? Hallo Sandra! Hier die Dateien Code:
ATTFilter More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 12/10/2013 08:01:42 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
* Shortcut Cleaned: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Public\Desktop\
* Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1386094842&from=tugs&uid=HitachiXHTS545050B9A300_100804PBN40317EBBGTEX
Searching C:\Users\Paula\Desktop
7 bad shortcuts found.
Program finished at: 12/10/2013 08:01:49 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a4313fd05f7cd40b9dc4e6f9f7931d8
# engine=16202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-10 09:29:25
# local_time=2013-12-10 10:29:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 9672 157339070 6050 0
# compatibility_mode=5893 16776573 100 94 9473 138297615 0 0
# scanned=190857
# found=5
# cleaned=0
# scan_time=8578
sh=4292DD35D8E102F2D3575BAFE421DAB3F9FEA2FD ft=1 fh=eea2cb929fff650f vn="a variant of Win32/Kryptik.BQIL trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Paula\AppData\Roaming\Opkiga\ahci.exe.vir"
sh=EB612CEE1AE09C0C1B59D8C821558F4E981D7695 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.L trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4775ce59-51d2aa18"
sh=AFA348F989F09BE9DD604B75723E7ADC74A72C92 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7950f419-1cfaed38"
sh=BC3F94F605C9D4649552410AFC4206D635A7E694 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\35f60a1e-772ede87"
sh=EB612CEE1AE09C0C1B59D8C821558F4E981D7695 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2011-3544.L trojan" ac=I fn="C:\Users\Paula\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\289bade0-1a548957"
FRST folgt sogleich Hier ist's: Code:
ATTFilter ==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Spotify Ltd) C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Akamai Technologies, Inc.) C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.deu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() Q:\140066.deu\Office14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Paula\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-07] ()
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Paula\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {4D848C0C-1BD1-47FC-8A8E-C596F8EE5C28} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&&r=390
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.93.48.210 134.93.48.196
FireFox:
========
FF ProfilePath: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default
FF user.js: detected! => C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\Plusnetwork.xml
FF SearchPlugin: C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: ICQ Toolbar - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DVDVideoSoftTB - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Menu - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\6n19f4i7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.searchplusnetwork.com/?sp=vit4
CHR RestoreOnStartup: "hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&"
CHR DefaultSearchProvider: Search By ZoneAlarm
CHR DefaultSearchURL: hxxp://search.zonealarm.com/search?src=sp&tbid=Solo&Lan=&q={searchTerms}&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: "suggest_url" : ""
CHR Extension: (SiteAdvisor) - C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
==================== Drivers (Whitelisted) ====================
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-09-10] (Windows (R) 2003 DDK 3790 provider)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-10 08:04 - 2013-12-10 08:04 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe
2013-12-10 08:02 - 2013-12-10 08:02 - 00005724 _____ C:\Users\Paula\Desktop\sc-cleaner.txt
2013-12-10 08:01 - 2013-12-10 08:01 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Paula\Desktop\sc-cleaner.exe
2013-12-10 08:01 - 2013-12-10 08:01 - 00005724 _____ C:\sc-cleaner.txt
2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 11:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 22:28 - 2013-12-08 22:32 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:27 - 2013-12-10 10:34 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-08 22:25 - 2013-12-10 10:34 - 01927982 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 10:30 - 2013-12-08 22:35 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-07 16:14 - 2013-12-10 10:35 - 00012971 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 15:26 - 2013-12-07 16:01 - 00000000 ____D C:\Qoobox
2013-12-07 15:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 15:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 15:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 15:25 - 2013-12-07 15:59 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:42 - 2013-12-10 10:34 - 00000000 ____D C:\FRST
2013-12-07 09:26 - 2013-12-10 07:42 - 00000616 _____ C:\Windows\setupact.log
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:24 - 2013-12-09 11:31 - 00006500 _____ C:\Windows\PFRO.log
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:06 - 2013-12-06 10:24 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:20 - 2013-12-06 16:00 - 00000000 ____D C:\ProgramData\WPM
2013-11-25 18:36 - 2013-11-25 19:04 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls
2013-11-25 11:57 - 2013-12-05 15:07 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 13:13 - 2013-11-18 17:42 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-13 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:44 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 21:44 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 21:44 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 21:44 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 21:44 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:40 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:40 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:40 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:40 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:40 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:40 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:40 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-10 10:36 - 2013-12-07 16:14 - 00012971 _____ C:\Users\Paula\Desktop\FRST.txt
2013-12-10 10:34 - 2013-12-08 22:27 - 00000000 ____D C:\Users\Paula\Desktop\FRST-OlderVersion
2013-12-10 10:34 - 2013-12-08 22:25 - 01927982 _____ (Farbar) C:\Users\Paula\Desktop\FRST64.exe
2013-12-10 10:34 - 2013-12-07 09:42 - 00000000 ____D C:\FRST
2013-12-10 10:25 - 2011-01-25 19:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2791A68D-C69A-4C65-8CB5-A1EECA16B518}
2013-12-10 10:10 - 2013-04-05 17:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 08:04 - 2013-12-10 08:04 - 02347384 _____ (ESET) C:\Users\Paula\Desktop\esetsmartinstaller_enu.exe
2013-12-10 08:02 - 2013-12-10 08:02 - 00005724 _____ C:\Users\Paula\Desktop\sc-cleaner.txt
2013-12-10 08:01 - 2013-12-10 08:01 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Paula\Desktop\sc-cleaner.exe
2013-12-10 08:01 - 2013-12-10 08:01 - 00005724 _____ C:\sc-cleaner.txt
2013-12-10 08:01 - 2011-02-21 22:06 - 00001943 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-10 08:01 - 2011-01-25 18:57 - 00001425 _____ C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-10 07:52 - 2010-06-01 02:03 - 01707077 _____ C:\Windows\WindowsUpdate.log
2013-12-10 07:52 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 07:52 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 07:42 - 2013-12-07 09:26 - 00000616 _____ C:\Windows\setupact.log
2013-12-10 07:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 22:52 - 2011-01-25 21:45 - 00000000 ____D C:\Users\Paula\AppData\Roaming\SoftGrid Client
2013-12-09 19:16 - 2011-01-25 18:39 - 00000000 ____D C:\Program Files (x86)\Game Pack
2013-12-09 19:13 - 2012-08-18 18:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 19:13 - 2010-06-01 02:12 - 00000000 ____D C:\ProgramData\Skype
2013-12-09 11:31 - 2013-12-07 09:24 - 00006500 _____ C:\Windows\PFRO.log
2013-12-09 11:19 - 2013-12-09 11:19 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 11:18 - 2013-12-09 11:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paula\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 22:35 - 2013-12-08 10:30 - 00026375 _____ C:\Users\Paula\Desktop\Addition.txt
2013-12-08 22:32 - 2013-12-08 22:28 - 00003622 _____ C:\Users\Paula\Desktop\SystemLook.txt
2013-12-08 22:28 - 2013-12-08 22:28 - 00165376 _____ C:\Users\Paula\Desktop\SystemLook_x64.exe
2013-12-08 22:24 - 2013-12-08 22:24 - 00003217 _____ C:\Users\Paula\fixlist.txt
2013-12-08 22:24 - 2011-01-25 18:37 - 00000000 ____D C:\Users\Paula
2013-12-08 19:24 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Spotify
2013-12-07 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-07 17:25 - 2012-09-30 13:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Spotify
2013-12-07 16:08 - 2013-12-07 16:08 - 00002082 _____ C:\Users\Paula\Desktop\FSS.txt
2013-12-07 16:07 - 2013-12-07 16:07 - 00708597 _____ (Farbar) C:\Users\Paula\Desktop\FSS.exe
2013-12-07 16:01 - 2013-12-07 16:01 - 00022994 _____ C:\ComboFix.txt
2013-12-07 16:01 - 2013-12-07 15:26 - 00000000 ____D C:\Qoobox
2013-12-07 16:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-07 15:59 - 2013-12-07 15:25 - 00000000 ____D C:\Windows\erdnt
2013-12-07 15:55 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-07 15:25 - 2013-12-07 15:25 - 05153293 ____R (Swearware) C:\Users\Paula\Desktop\ComboFix.exe
2013-12-07 09:26 - 2013-12-07 09:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 16:09 - 2011-07-20 22:10 - 00000000 ____D C:\Users\Paula\AppData\Roaming\DVDVideoSoft
2013-12-06 16:08 - 2011-01-25 18:57 - 00000000 ___RD C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 16:07 - 2010-06-01 18:30 - 02980236 _____ C:\Windows\system32\perfh007.dat
2013-12-06 16:07 - 2010-06-01 18:30 - 00881166 _____ C:\Windows\system32\perfc007.dat
2013-12-06 16:07 - 2009-07-14 06:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2010-06-01 01:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-06 16:01 - 2013-12-06 16:01 - 00000000 ____D C:\Windows\system32\IO
2013-12-06 16:00 - 2013-12-03 19:20 - 00000000 ____D C:\ProgramData\WPM
2013-12-06 10:24 - 2013-12-05 19:06 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Nico Mak Computing
2013-12-06 10:09 - 2011-01-25 18:57 - 00000000 ____D C:\Users\Paula\AppData\Local\VirtualStore
2013-12-06 10:08 - 2013-12-06 10:08 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-06 10:07 - 2013-12-06 10:07 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-06 10:04 - 2013-12-06 10:04 - 01402880 _____ C:\Users\Paula\Desktop\HiJackThis-2-04.msi
2013-12-06 09:57 - 2011-08-21 20:56 - 00000000 ____D C:\Users\Paula\AppData\Roaming\FileZilla
2013-12-06 09:57 - 2011-07-16 19:51 - 00000000 ____D C:\Users\Paula\Tracing
2013-12-06 09:54 - 2011-07-17 21:17 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:54 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-12-06 09:33 - 2013-12-06 09:33 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-06 09:33 - 2013-12-06 09:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 09:33 - 2013-12-06 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 09:24 - 2013-12-06 09:24 - 00614784 _____ C:\Users\Paula\Downloads\CCleaner - CHIP-Downloader.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8.exe
2013-12-05 19:05 - 2013-12-05 19:05 - 04892480 _____ (WinZip International LLC ) C:\Users\Paula\Downloads\wzmp_8(1).exe
2013-12-05 16:08 - 2013-12-05 16:08 - 00000000 _____ C:\autoexec.bat
2013-12-05 15:07 - 2013-11-25 11:57 - 00021025 ____H C:\Users\Paula\Desktop\~WRL1957.tmp
2013-12-05 14:56 - 2013-08-14 07:15 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 14:39 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-03 19:40 - 2013-12-03 19:40 - 00000000 ____D C:\Windows\Sun
2013-12-03 19:27 - 2011-01-25 21:42 - 00006474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-03 19:18 - 2013-08-18 21:16 - 00000000 ____D C:\Users\Paula\Desktop\Stufe
2013-12-02 20:37 - 2011-07-12 14:48 - 00000000 ____D C:\Users\Paula\AppData\Roaming\Skype
2013-11-26 20:41 - 2013-08-14 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 20:41 - 2013-08-14 07:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 19:04 - 2013-11-25 18:36 - 00037376 _____ C:\Users\Paula\Desktop\Kundenformular für Interessenten.xls
2013-11-25 11:57 - 2013-11-25 11:57 - 00017276 ____H C:\Users\Paula\Desktop\~WRL0613.tmp
2013-11-24 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:12 - 2011-11-03 17:06 - 00000000 ____D C:\Users\Paula\AppData\Local\Akamai
2013-11-24 21:12 - 2010-06-01 02:11 - 00000000 ____D C:\ProgramData\WinClon
2013-11-24 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-20 16:34 - 2013-04-04 13:59 - 00002018 ____H C:\Users\Paula\Documents\Default.rdp
2013-11-19 12:34 - 2012-05-06 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 17:42 - 2013-11-17 13:13 - 00018550 ____H C:\Users\Paula\Desktop\~WRL0004.tmp
2013-11-18 17:25 - 2013-11-18 17:25 - 104931504 _____ C:\Windows\SysWOW64\〈戯ᰴƒ
2013-11-18 15:25 - 2013-11-18 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 14:58 - 2013-11-17 14:58 - 104695876 _____ C:\Windows\SysWOW64\롳杍ᰴj
2013-11-17 14:56 - 2013-07-13 15:15 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-11-17 14:50 - 2012-07-02 14:54 - 00000000 ____D C:\Users\Paula\Desktop\Jura Studium
2013-11-17 13:13 - 2013-11-17 13:13 - 00017743 ____H C:\Users\Paula\Desktop\~WRL0003.tmp
2013-11-14 09:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 21:44 - 2013-07-22 06:56 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:40 - 2011-01-28 23:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2011-01-27 17:30 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Paula\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 18:18
Beim Internet Explorer kommt jetzt about:blank als Startseite, bei Firefox kommt folgende Startseite: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& Liebe Grüße! Geändert von Paula123 (10.12.2013 um 10:42 Uhr) |
|
10.12.2013, 10:50
| #15 |
| | Nationzoom-Virus, was kann ich tun? Hallo! Also: Beim Internet Explorer kommt jetzt about:blank als Startseite, bei Firefox kommt folgende Startseite: hxxp://search.zonealarm.com/?src=hp&tbid=Solo&Lan=&gu=77351eb98798464695580413422355fc&tu=11Ih000BN1B0001&sku=&tstsId=&ver=& EDIT: Ich konnte jetzt bei beiden Browsern wieder Google als Startseite einstellen. Nationzoom ist weg *jubel* Liebe Grüße und vielen Dank Geändert von Paula123 (10.12.2013 um 11:03 Uhr) |
|
| Themen zu Nationzoom-Virus, was kann ich tun? |
| ahnung, firefox, gleichzeitig, hilfe, internet, melde, meldet, nationzoom, nervige, pop-ups, sache, sachen, schaltet, schonmal, seite, software, startseite, surfen, testversion, total, trojaner, version, viren, virus, vollversion, werbefenster, wirklich, überhaupt, ändern, öffnen |
WARNUNG an die MITLESER: 
Linear-Darstellung
