Log analysis and evaluation: Firefox keeps opening advertising tabs - Anti-Malware no longer finds anything
Windows 7
03.03.2014, 12:54 | #1 |
Firefox keeps opening advertising tabs - Anti-Malware no longer finds anything

Hello,

unfortunately I am not a PC specialist, and for about 1 week I have had the problem that Firefox keeps opening tabs with advertising or prompts to download things, or I am redirected to advertising pages. Since then Internet Explorer has also stopped working; a message regarding BrowserSafeguard always appears - whether there is a connection I don't know. I then installed both Malwarebytes Anti-Malware and Spyware Terminator; infected objects were found, which I had removed. Nevertheless the problem persists and I am now at my wits' end. As a virus scanner I use Antivir, but there are no findings there either.

Here are the log files:

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:17 on 03/03/2014 (IG)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by IG (administrator) on IG-PC on 03-03-2014 11:19:59
Running from C:\Users\IG\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Check Point Software Technologies LTD) C:\Windows\System32\ZoneLabs\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Check Point Software Technologies LTD) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(BrowserSafeguard) C:\Users\IG\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
() C:\Users\IG\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NWEReboot] - [X]
HKLM\...\Run: [ZoneAlarm Client] - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [959976 2008-03-03] (Check Point Software Technologies LTD)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-19] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-19] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [940944 2011-06-09] (Samsung)
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [BrowserSafeguard] - C:\Users\IG\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe [417792 2014-02-06] (BrowserSafeguard)
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [BrowserSafeguard Update Task] - C:\Users\IG\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe [3350528 2014-02-06] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49157;https=127.0.0.1:49157
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
SearchScopes: HKLM - {160DB79B-FE46-41D8-A2F7-3C3A5A247AAE} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {DE0A07AA-BDB3-475C-AB03-039789E444B3} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
BHO: No Name - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No File
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
Toolbar: HKCU - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File
Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210628430
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default
FF Homepage: hxxp://www.meinvz.net/
FF NetworkProxy: "user_pref("extension.gacela.network.proxy.autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac");
FF NetworkProxy: "user_pref("extension.gacela.network.proxy.type", 5);
FF NetworkProxy: "autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\IG\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\foxyproxy@eric.h.jung [2014-02-04]
FF Extension: TXTFilesConverrt - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\oiao@dpoz.edu [2014-02-26]
FF Extension: ggreaTsaving - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\wg-4lpnr@ieoaetpa.net [2014-02-26]
FF Extension: WEB.DE MailCheck - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\toolbar@web.de.xpi [2013-01-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Gacela Plugin) - C:\Users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.3.1046_0\plugin/npgacela.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (getPlusPlus for Adobe 16260) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Move Media Player 7) - C:\Users\IG\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Online Visions) - C:\Users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef [2013-07-20]
CHR Extension: (ggreaTsaving) - C:\Users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep [2014-02-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222968 2009-06-01] ()
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MySQL1; C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\my2.ini [2278 2008-04-25] ()
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-03-09] ()
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R2 vsmon; C:\Windows\System32\ZoneLabs\vsmon.exe [79400 2008-03-03] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [15872 2008-07-10] (CSR, plc)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-18] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-18] (Sonic Solutions)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-09] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [44320 2008-10-15] (RapidSolution Software AG)
R3 TotRec7; C:\Windows\System32\drivers\TotRec7.sys [127496 2008-10-23] (High Criteria inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [279440 2008-03-03] (Check Point Software Technologies LTD)
S1 ASPI32; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U1 eabfiltr;
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-03 11:19 - 2014-03-03 11:21 - 00026956 _____ () C:\Users\IG\Downloads\FRST.txt
2014-03-03 11:19 - 2014-03-03 11:19 - 00000000 ____D () C:\FRST
2014-03-03 11:18 - 2014-03-03 11:19 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe
2014-03-03 11:17 - 2014-03-03 11:18 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log
2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable
2014-03-03 11:16 - 2014-03-03 11:17 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe
2014-03-02 10:43 - 2014-03-02 12:24 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-03-02 10:43 - 2014-03-02 10:44 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator
2014-03-02 10:43 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys
2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-03-01 17:47 - 2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-01 17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () C:\Users\IG\Downloads\bookmarks-2014-03-01.json
2014-03-01 12:46 - 2014-03-01 12:46 - 00000079 _____ () C:\Windows\wininit.ini
2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes
2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-01 09:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 09:15 - 2014-03-01 09:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe
2014-02-28 19:58 - 2014-03-01 12:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-28 19:58 - 2014-03-01 12:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-28 19:55 - 2014-02-28 19:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe
2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25.exe.part
2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe
2014-02-28 13:44 - 2014-03-02 08:40 - 00007302 _____ () C:\Windows\PFRO.log
2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving
2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype
2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-26 09:49 - 2014-03-01 10:26 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt
2014-02-26 09:49 - 2014-02-28 10:42 - 00000000 ____D () C:\ProgramData\ggreaTsaving
2014-02-26 09:49 - 2014-02-28 10:38 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83
2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil
2014-02-25 08:43 - 2014-02-25 08:46 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309
2014-02-14 19:31 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 22:38 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 22:38 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 22:38 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 22:38 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 22:38 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 22:38 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 22:38 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 22:38 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 22:38 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 22:38 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 22:38 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 22:38 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 22:38 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 22:38 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 22:38 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 22:38 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 22:01 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-06 20:56 - 2014-02-06 20:58 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt
2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com
2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill
2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg
2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2014-02-06 17:21 - 2014-02-06 17:22 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg
2014-02-06 16:58 - 2014-02-06 16:58 - 00000000 ____D () C:\Users\IG\Documents\Optimizer Pro
2014-02-06 16:53 - 2014-03-02 15:15 - 00000000 ____D () C:\Users\IG\AppData\Local\BrowserSafeguard
2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android
2014-02-06 15:43 - 2014-03-01 10:26 - 00000000 ____D () C:\Users\IG\AppData\Local\genienext
2014-02-06 15:43 - 2014-02-06 18:49 - 00000000 ____D () C:\Users\IG\AppData\Local\Mobogenie
2014-02-06 15:43 - 2014-02-06 18:37 - 00000000 ____D () C:\Users\IG\AppData\Roaming\systweak
2014-02-06 15:43 - 2014-02-06 15:49 - 00000000 ____D () C:\Users\IG\AppData\Local\cache
2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Mobogenie
2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente
2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt
2014-02-06 15:42 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Hexonic Software
2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk
2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software
2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF
2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe

==================== One Month Modified Files and Folders =======

2014-03-03 11:21 - 2014-03-03 11:19 - 00026956 _____ () C:\Users\IG\Downloads\FRST.txt
2014-03-03 11:19 - 2014-03-03 11:19 - 00000000 ____D () C:\FRST
2014-03-03 11:19 - 2014-03-03 11:18 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe
2014-03-03 11:18 - 2014-03-03 11:17 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log
2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable
2014-03-03 11:17 - 2014-03-03 11:16 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe
2014-03-03 11:17 - 2008-03-03 18:58 - 00000000 ____D () C:\Users\IG
2014-03-03 11:07 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 11:07 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 10:49 -
2008-04-15 19:44 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-03-03 10:46 - 2008-04-06 15:05 - 40649728 _____ () C:\Users\IG\Outlook Sicherung.pst 2014-03-03 10:44 - 2012-11-06 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-03 10:17 - 2008-03-05 17:22 - 00027050 _____ () C:\Users\IG\AppData\Roaming\nvModes.001 2014-03-03 08:18 - 2008-01-25 13:59 - 01659779 _____ () C:\Windows\WindowsUpdate.log 2014-03-03 08:00 - 2008-03-07 21:04 - 00352614 ____H () C:\Windows\system32\Drivers\vsconfig.xml 2014-03-03 07:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-02 18:03 - 2008-07-24 12:31 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-02 18:03 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-02 15:15 - 2014-02-06 16:53 - 00000000 ____D () C:\Users\IG\AppData\Local\BrowserSafeguard 2014-03-02 12:24 - 2014-03-02 10:43 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-02 10:44 - 2014-03-02 10:43 - 00000000 ____D () C:\Program Files\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-03-02 08:40 - 2014-02-28 13:44 - 00007302 _____ () C:\Windows\PFRO.log 2014-03-01 17:47 - 2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-01 17:47 - 2014-02-14 19:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () C:\Users\IG\Downloads\bookmarks-2014-03-01.json 2014-03-01 17:27 - 2012-10-04 13:50 - 00038912 _____ () C:\Users\IG\Desktop\Strom_Haus.xls 2014-03-01 15:26 - 2006-11-02 11:33 - 
01555118 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-01 12:57 - 2014-02-28 19:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-03-01 12:46 - 2014-03-01 12:46 - 00000079 _____ () C:\Windows\wininit.ini 2014-03-01 12:46 - 2014-02-28 19:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-01 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-03-01 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning 2014-03-01 10:26 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt 2014-03-01 10:26 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Local\genienext 2014-03-01 09:47 - 2008-04-06 12:58 - 00000000 ____D () C:\Program Files\ICQToolbar 2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 09:16 - 2014-03-01 09:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-01 09:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe 2014-02-28 19:57 - 2014-02-28 19:55 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe 2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. 
) C:\Users\IG\Downloads\spybot-2.2.25.exe.part 2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe 2014-02-28 18:15 - 2010-09-16 18:40 - 00000000 ____D () C:\Users\IG\Documents\Lauftraining 2014-02-28 11:13 - 2013-12-19 06:37 - 00068096 _____ () C:\Users\IG\Desktop\Urlaub und Arbeitszeit.xls 2014-02-28 11:03 - 2008-03-04 18:49 - 00000000 ____D () C:\Program Files\Google 2014-02-28 10:42 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\ggreaTsaving 2014-02-28 10:39 - 2008-03-04 18:50 - 00000000 ____D () C:\ProgramData\Google 2014-02-28 10:39 - 2008-03-04 18:49 - 00000000 ____D () C:\Users\IG\AppData\Local\Google 2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving 2014-02-28 10:38 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83 2014-02-28 10:32 - 2009-01-11 20:01 - 00000000 ____D () C:\Windows\Minidump 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-27 19:02 - 2008-03-04 18:49 - 00000000 ____D () C:\ProgramData\Skype 2014-02-27 09:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-26 18:34 - 2009-08-23 08:42 - 00000000 ____D () C:\Users\IG\Documents\Ilka 2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-26 09:49 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-25 18:20 - 2008-03-18 17:15 - 00000000 ____D () C:\Users\IG\AppData\Roaming\XnView 2014-02-25 08:46 - 2014-02-25 08:43 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309 2014-02-23 09:44 - 2012-11-06 19:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 09:44 - 2011-10-31 11:46 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-22 12:43 - 2007-10-24 08:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-21 12:23 - 2009-02-16 19:47 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-02-15 16:54 - 2014-01-07 18:06 - 00000000 ____D () C:\Users\IG\Documents\A_Kind 2014-02-13 22:46 - 2013-08-14 19:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-13 22:40 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-06 20:58 - 2014-02-06 20:56 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt 2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com 2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill 2014-02-06 20:51 - 2012-01-31 06:38 - 00001356 _____ () C:\Users\IG\AppData\Local\d3d9caps.dat 2014-02-06 19:02 - 2006-11-02 13:47 - 00320280 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg 2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-02-06 18:56 - 2010-01-25 20:46 - 00000000 ____D () C:\Users\IG\.CABAReTStage_4.2 2014-02-06 18:56 - 2010-01-25 20:45 - 00000000 ____D () C:\Program Files\CABAReT Stage 4.2 2014-02-06 18:56 - 2007-10-24 08:38 - 00000000 ____D () C:\Program Files\Alice 2014-02-06 18:55 - 2007-10-24 08:29 - 00000000 ____D () C:\Program Files\CyberLink 2014-02-06 18:55 - 2007-10-24 07:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-06 18:49 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Local\Mobogenie 2014-02-06 18:44 - 2010-03-25 05:16 - 00000000 ____D () C:\Program Files\Opera 2014-02-06 18:42 - 2008-07-25 10:56 - 00000000 ____D () C:\Program Files\PDF Blender 2014-02-06 18:42 - 2008-03-03 18:58 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:40 - 2008-10-27 21:57 - 00000000 ____D () C:\Program Files\LitexMedia 2014-02-06 18:38 - 2008-09-08 18:52 - 00000000 ____D () C:\Program Files\SCHLECKER 2014-02-06 18:37 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\systweak 2014-02-06 17:22 - 2014-02-06 17:21 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg 2014-02-06 16:58 - 2014-02-06 16:58 - 00000000 ____D () C:\Users\IG\Documents\Optimizer Pro 2014-02-06 16:54 - 2008-03-03 19:11 - 00076664 _____ () C:\Users\IG\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-06 15:49 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Local\cache 2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Mobogenie 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt 2014-02-06 15:43 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Hexonic Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF 2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe 2014-02-06 15:39 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-02-05 09:58 - 2014-02-13 22:38 - 12345344 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-13 22:38 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-13 22:38 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-13 22:38 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-13 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-13 22:38 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-13 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-13 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-13 22:38 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-13 22:38 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\Users\IG\lame_enc.dll C:\Users\IG\setup.exe Some content of TEMP: ==================== C:\Users\IG\AppData\Local\Temp\avgnt.exe C:\Users\IG\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\IG\AppData\Local\Temp\System.Data.SQLite34295.dll 
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite54931.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite63660.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite66501.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite70055.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite77738.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite84262.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite85242.dll
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite96543.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-03 08:24

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014 Ran by IG at 2014-03-03 11:22:30 Running from C:\Users\IG\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.60 - NOS Microsystems Ltd.) Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.) 
All To MP3 Converter 2.15 (HKLM\...\All To MP3 Converter_is1) (Version: 2.15 - All To MP3 Converter) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira) BrowserSafeguard with RocketTab (HKCU\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - ) Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - ) Canon MP210 series Benutzerregistrierung (HKLM\...\Canon MP210 series Benutzerregistrierung) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) CCleaner (remove only) (HKLM\...\CCleaner) (Version: - ) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.0.024.439 - CDBurnerXP) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.31.0.50 - Conexant) Crivit Training Gym (HKLM\...\Crivit Training Gym) (Version: - ) Die Sims™ Lebensgeschichten (HKLM\...\{2284D904-C138-4B58-93EC-5C362AB5130A}) (Version: 1.00.0000 - Electronic Arts) DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) 
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) doPDF 6.0 printer (HKLM\...\doPDF 6 printer_is1) (Version: - Softland) DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: - ) EA Link (HKLM\...\InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}) (Version: 3.1.1.4 - Electronic Arts) EA Link (Version: 3.1.1.4 - Electronic Arts) Hidden Efficient WMA MP3 Converter v0.99.2 (HKLM\...\Efficient WMA MP3 Converter_is1) (Version: - ) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen) ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder) ESU for Microsoft Vista (HKLM\...\{9BA6E8AF-2122-4825-9B55-98BC351E3C94}) (Version: 2.0.10.1 - Hewlett-Packard) Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.9.33 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.) Haufe iDesk-Browser (HKLM\...\{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}) (Version: 7.07.25.4312 - Haufe) Haufe iDesk-Service (HKLM\...\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}) (Version: 7.09.07.4355 - Haufe) Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.) 
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - ) Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden Hexonic ScanToPDF Version 1.0 (HKLM\...\{EC78E48C-555F-11E1-A994-5FF64724019B}_is1) (Version: 1.0 - Hexonic Software) HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard) HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard) HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard) HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard) HP Update (HKLM\...\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}) (Version: 4.000.006.003 - Hewlett-Packard) HP User Guides 0087 (HKLM\...\{4D49757C-367A-4333-BDB3-68966162B14E}) (Version: 1.02.0000 - Hewlett-Packard ) HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard) HyperSnap 6 (HKLM\...\HyperSnap 6) (Version: 6.40.06 - Hyperionics Technology LLC) ICQ Toolbar (HKLM\...\ICQToolbar) (Version: 3.0.0 - ICQ) ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ) Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java Auto Updater (Version: 
2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.) jLameGUI (HKLM\...\{146ADCA8-7B37-484C-B503-BB71C2F70EDB}) (Version: 1.0.1 - jSoft) KaloMa 4.92 (HKLM\...\KaloMa_is1) (Version: - Frank Böpple) LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.) LightScribe System Software 1.10.13.1 (Version: 1.10.13.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft MapPoint Europe 2006 (HKLM\...\{83ED1E80-A1B7-4256-BCF1-AC4A88151A6B}) (Version: 13.00.18.1200 - Microsoft Corporation) 
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word MUI 
(German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - ) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.) 
Move Media Player (HKCU\...\Move Media Player) (Version: - Move Networks) Moyea PPT to DVD Burner version 2.8.1.133 (HKLM\...\{12AEE067-4646-41E8-A6EA-FB2AD0E38D30}_is1) (Version: - Moyea Software) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSCU for Microsoft Vista (HKLM\...\{3D356AA9-2D0C-4373-A762-B42F1A289233}) (Version: 1.0.1.9 - Hewlett-Packard) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent) Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.8.1.4 - Napster) Napster Burn Engine (Version: 3.5.0000 - Ihr Firmenname) Hidden Nero 7 Ultra Edition (HKLM\...\{4781569D-5404-1F26-4B2B-6DF444441031}) (Version: 7.00.0177 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Office-Bibliothek (HKLM\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.01 - Bibliographisches Institut & F.A. 
Brockhaus AG) PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia) PixiePack Codec Pack (HKLM\...\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}) (Version: 1.0.100.0 - None) PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific) PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.) PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden QuickPlay SlingPlayer 0.4.4 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.4 - SlingMedia) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.1.11053_66 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.0.1.11053_66 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.) Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com) Steuer 2007 (HKLM\...\{5E8C42DD-7E43-462C-84CC-99E5BBE3E101}) (Version: 14.00 - Lexware) Steuer 2007 (Version: 14.00 - Lexware) Hidden Steuer Hilfesammlung (HKLM\...\{B754B683-E23C-4583-9312-50AD86836B42}) (Version: 14.0.0.0 - Haufe Mediengruppe) Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics) Total Recorder 7.1 (HKLM\...\TotalRecorder) (Version: - ) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Winamp (HKLM\...\Winamp) (Version: 5.52 - Nullsoft, Inc) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) XnView 1.92.1 (HKLM\...\XnView_is1) (Version: 1.92.1 - Gougelet Pierre-e) Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ZoneAlarm (HKLM\...\ZoneAlarm) (Version: 7.1.254.000 - Check Point, Inc) ==================== Restore Points ========================= 16-02-2014 08:33:35 Geplanter Prüfpunkt 17-02-2014 12:42:37 Geplanter Prüfpunkt 18-02-2014 19:35:39 Geplanter Prüfpunkt 19-02-2014 10:20:10 Geplanter Prüfpunkt 20-02-2014 10:48:23 Geplanter Prüfpunkt 21-02-2014 11:50:28 Geplanter Prüfpunkt 22-02-2014 13:00:52 Geplanter Prüfpunkt 23-02-2014 11:29:00 Geplanter Prüfpunkt 24-02-2014 08:59:02 Geplanter Prüfpunkt 25-02-2014 07:41:24 Windows Update 26-02-2014 09:16:27 Geplanter Prüfpunkt 27-02-2014 06:42:05 Windows Update 27-02-2014 17:58:09 Windows Update 28-02-2014 10:44:47 Geplanter Prüfpunkt 01-03-2014 07:57:44 Windows Update 01-03-2014 14:19:49 Windows Update 02-03-2014 09:29:07 Geplanter Prüfpunkt 03-03-2014 09:45:00 Removed ScanSoft OmniPage SE 4 ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= 
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {05683248-D873-4CFB-B65E-3A2066095242} - System32\Tasks\{3E262652-C194-4187-9FE3-7E9EE6B8D892} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.210/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered <==== ATTENTION Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {1A9530D0-1747-45E3-BD18-25702C9F80D9} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) 
<==== ATTENTION Task: {1B55CD68-4DF7-4C11-9F1B-0DB854E22871} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\Windows\System32\mcbuilder.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {22542E75-8987-4FFC-9372-D65D21BF2817} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {2CD8C55D-F7F3-477E-9748-3A23CFE2928D} - System32\Tasks\{7695CDA3-759A-464B-A4DF-A2B9EDB74511} => C:\Windows\system32\pcalua.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3EEDAEA4-B19A-427A-81A0-3DC2101D018F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {45A23176-534F-4C26-8220-0634ABE434B4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION Task: {4D86CC85-3AD1-4778-B9A2-373417D3ED69} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-05] () <==== ATTENTION Task: 
{57030356-4699-4E1F-9939-F9D4460CD4DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {5FA7E57B-A62D-452A-83EA-C8478687C1E9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) <==== ATTENTION Task: {6CAD09EC-9B43-402F-AF4C-37DFB818062E} - System32\Tasks\{72209A9D-93F6-4BD3-9AB2-E9DA3E6F50FA} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.210/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-notinstalled <==== ATTENTION Task: {7CC5F54A-62AD-45DA-BC4A-D5FF81AF5321} - System32\Tasks\{F36DBF30-EEB4-41FB-83A9-DCBE5D6AA51A} => C:\Windows\system32\pcalua.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {8A59AA2D-9505-4B4D-92C5-16FA474AB35D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {8B6FADA2-678A-4AEA-9CD5-2D8CB921D909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated) <==== ATTENTION Task: {8D30FEBF-4566-4BA1-9238-014FFEA4FC45} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION Task: 
{99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) <==== ATTENTION Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2008-01-19] (Microsoft Corporation) <==== ATTENTION Task: {C16BCDDE-CE7C-4DE2-B8D2-1287189061F0} - System32\Tasks\User_Feed_Synchronization-{55CCF82A-72F3-47F0-B7DE-43C9C4508595} => C:\Windows\system32\msfeedssync.exe [2013-07-03] (Microsoft Corporation) <==== ATTENTION Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () <==== ATTENTION Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2008-03-19 13:49 - 2008-03-03 14:06 - 00026096 _____ () C:\Windows\system32\zonelabs\lib\pyd\signedDll.pyd 2008-03-19 13:49 - 2008-03-03 14:06 - 00026096 _____ () C:\Windows\system32\zonelabs\lib\pyd\pyvsinit.pyd 2008-03-19 13:49 - 2008-03-03 14:06 - 00144880 _____ () C:\Windows\system32\zonelabs\lib\pyd\pyexpat.pyd 2008-03-19 13:49 - 2008-03-03 14:06 - 00046576 _____ () C:\Windows\system32\zonelabs\lib\pyd\_socket.pyd 2013-03-09 21:17 - 2013-03-09 21:02 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2010-01-26 19:56 - 2009-06-01 22:20 - 00222968 _____ () C:\Program Files\ICQ6Toolbar\ICQ Service.exe 2008-01-18 09:57 - 
2008-01-18 09:57 - 05750784 _____ () C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt.exe 2008-03-20 13:05 - 2008-03-09 11:20 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe 2008-01-25 14:16 - 2007-09-30 19:34 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-01-25 14:16 - 2007-09-30 19:34 - 00255384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-10-27 21:57 - 2007-10-12 18:26 - 00061440 _____ () C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll 2008-03-07 21:23 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2008-03-19 13:49 - 2008-03-03 14:06 - 00194032 _____ () C:\Windows\system32\ZoneLabs\lib\pyd\zpui.pyd 2008-03-19 13:49 - 2008-03-03 14:06 - 00144880 _____ () C:\Windows\system32\ZoneLabs\lib\pyd\pyexpat.pyd 2007-10-24 08:35 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-01-25 14:14 - 2007-09-30 19:33 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll 2007-05-16 09:43 - 2007-05-16 10:12 - 00671744 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2014-03-01 17:47 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-02-23 09:44 - 2014-02-23 09:44 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll 2014-03-03 11:16 - 2014-03-03 11:17 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:88050731 AlternateDataStreams: C:\ProgramData\TEMP:9FA5EC55 AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" MSCONFIG\startupreg: HP Health Check Scheduler => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ6.5\ICQ.exe" silent MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: msnmsgr => "C:\Program Files\MSN Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit MSCONFIG\startupreg: NvSvc => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart MSCONFIG\startupreg: OnScreenDisplay => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: QlbCtrl => %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe" MSCONFIG\startupreg: Sidebar => C:\Program 
Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot MSCONFIG\startupreg: Tunebite => C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray MSCONFIG\startupreg: tunebite.exe => C:\Program Files\Tunebite\tunebite.exe -tray MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft-6zu4-Adapter #2 Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/01/2014 08:23:33 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 27.0.1.5156, Zeitstempel 0x52fc0faa, fehlerhaftes Modul xul.dll, Version 27.0.1.5156, Zeitstempel 0x52fc0f79, Ausnahmecode 0xc0000005, Fehleroffset 0x001560c7, Prozess-ID 0x1404, Anwendungsstartzeit firefox.exe0. Error: (03/01/2014 05:43:52 PM) (Source: Application Hang) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16533 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ce8 Anfangszeit: 01cf356d3aeedae1 Zeitpunkt der Beendigung: 156 Error: (03/01/2014 09:03:57 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, fehlerhaftes Modul Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, Ausnahmecode 0xc0000005, Fehleroffset 0x00073b5f, Prozess-ID 0x1420, Anwendungsstartzeit Adaware_Installer_11.1.5354.exe0. Error: (03/01/2014 09:03:29 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, fehlerhaftes Modul Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, Ausnahmecode 0xc0000005, Fehleroffset 0x00073b5f, Prozess-ID 0x458, Anwendungsstartzeit Adaware_Installer_11.1.5354.exe0. 
Error: (03/01/2014 09:03:09 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, fehlerhaftes Modul Adaware_Installer_11.1.5354.exe, Version 11.1.5354.0, Zeitstempel 0x52e123db, Ausnahmecode 0xc0000005, Fehleroffset 0x00073b5f, Prozess-ID 0x1218, Anwendungsstartzeit Adaware_Installer_11.1.5354.exe0. Error: (02/28/2014 08:26:10 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\IG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\38P1FBQQ.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/28/2014 08:26:10 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\IG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\38P1FBQQ.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/28/2014 08:26:08 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\IG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\38P1FBQQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (02/28/2014 08:26:08 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\IG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\38P1FBQQ.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (02/28/2014 08:26:06 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\IG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\38P1FBQQ.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Microsoft Office Sessions: ========================= Error: (03/12/2013 10:45:43 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 123 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/12/2013 05:40:00 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 193 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 62% Total physical RAM: 2046.23 MB Available physical RAM: 763.32 MB Total Pagefile: 4335.7 MB Available Pagefile: 2528.06 MB Total Virtual: 2047.88 MB Available Virtual: 1911.7 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:221.36 GB) (Free:92.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:11.52 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 415D13E6) Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-03 12:44:29
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HM250JI rev.HS100-10 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\IG\AppData\Local\Temp\pxldrpoc.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8E321444]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8E320C8A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8E320958]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8E322520]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8E320A68]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8E320B5A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8E321780]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8E320F9C]
SSDT 8DD58878 ZwRequestWaitReplyPort
SSDT 8DD58873 ZwSetContextThread
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8E3210D2]
SSDT 8DD5887D ZwSetSecurityObject
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8E32077E]
SSDT 8DD58882 ZwSystemDebugControl
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8E3216C8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8E3212BC]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 1A9 82EB37F4 4 Bytes [44, 14, 32, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82EB3824 4 Bytes [8A, 0C, 32, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1E9 82EB3834 4 Bytes [58, 09, 32, 8E]
.text ntkrnlpa.exe!KeSetEvent + 215 82EB3860 4 Bytes [20, 25, 32, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D5 82EB3920 4 Bytes [68, 0A, 32, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CC0C360, 0x35B0A2, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE[4820] ole32.dll!OleLoadFromStream 768E1E80 5 Bytes JMP 5F5344C3 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50204b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50204b@0021abd3f1be 0xED 0xCF 0x72 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50204b@002669c8a282 0x2D 0x5E 0x8F 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd507286
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd50204b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd50204b@0021abd3f1be 0xED 0xCF 0x72 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd50204b@002669c8a282 0x2D 0x5E 0x8F 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd507286 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Regards, nickie |
03.03.2014, 12:58 | #2 |
/// the machine /// TB-Ausbilder | Firefox constantly opens ad tabs - but anti-malware no longer finds anything
hi,
Scan with Combofix |
03.03.2014, 15:40 | #3 |
| Firefox constantly opens ad tabs - but anti-malware no longer finds anything
I have Combofix running, but it has already been running for 45 minutes now. That seems very long to me?!
OK, Combofix is finished: Code:
ATTFilter ComboFix 14-02-24.02 - IG 03.03.2014 13:55:04.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.932 [GMT 1:00] ausgeführt von:: c:\users\IG\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUZIERTER FUNKTIONALITÄTSMODUS - . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-03 bis 2014-03-03 )))))))))))))))))))))))))))))) . . 2014-03-03 12:58 . 2014-03-03 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-03 12:45 . 2014-03-03 12:45 -------- d-----w- c:\users\IG\AppData\Roaming\Avira 2014-03-03 12:42 . 2014-02-14 10:00 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-03-03 12:42 . 2014-02-14 10:00 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-03-03 12:42 . 2014-02-14 10:00 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-03-03 12:42 . 2014-03-03 12:45 -------- d-----w- c:\program files\Avira 2014-03-03 12:42 . 2014-03-03 12:42 -------- d-----w- c:\programdata\Avira 2014-03-03 10:40 . 2014-03-03 10:40 -------- d-----w- c:\program files\McAfee Security Scan 2014-03-03 10:19 . 2014-03-03 10:29 -------- d-----w- C:\FRST 2014-03-02 09:43 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2014-03-02 09:43 . 2014-03-02 11:24 -------- d-----w- c:\programdata\Spyware Terminator 2014-03-02 09:43 . 2014-03-02 09:43 -------- d-----w- c:\users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 09:43 . 2014-03-02 09:44 -------- d-----w- c:\program files\Spyware Terminator 2014-03-01 16:47 . 2014-03-01 16:47 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-03-01 08:17 . 
2014-03-01 08:17 -------- d-----w- c:\users\IG\AppData\Roaming\Malwarebytes 2014-03-01 08:16 . 2014-03-01 08:16 -------- d-----w- c:\programdata\Malwarebytes 2014-03-01 08:16 . 2014-03-01 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-03-01 08:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-28 18:58 . 2014-03-01 11:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-02-28 18:58 . 2014-03-01 11:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2014-02-28 14:09 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D819146A-5261-4519-8393-A678B3C45865}\mpengine.dll 2014-02-28 09:38 . 2014-02-28 09:38 -------- d-----w- c:\program files\ggreaTsaving 2014-02-27 18:02 . 2014-02-27 18:02 -------- d-----w- c:\program files\Common Files\Skype 2014-02-27 18:02 . 2014-02-27 18:02 -------- d-----r- c:\program files\Skype 2014-02-26 08:49 . 2014-02-28 09:42 -------- d-----w- c:\programdata\ggreaTsaving 2014-02-26 08:49 . 2014-02-28 09:38 -------- d-----w- c:\programdata\2ee81df3df7fe83 2014-02-26 08:49 . 2014-03-01 09:26 -------- d-----w- c:\programdata\TXTFilesConverrt 2014-02-26 08:49 . 2014-02-26 08:49 -------- d-----w- c:\programdata\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-25 07:49 . 2014-02-25 07:49 -------- d-----w- c:\windows\Migration 2014-02-25 07:43 . 2014-02-25 07:46 -------- d-----w- C:\65290b00188f4ab20dfc1ab9f309 2014-02-13 21:01 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll 2014-02-06 15:53 . 2014-03-02 14:15 -------- d-----w- c:\users\IG\AppData\Local\BrowserSafeguard 2014-02-06 14:44 . 2014-02-06 14:44 -------- d-----w- c:\users\IG\.android 2014-02-06 14:43 . 2014-02-06 14:49 -------- d-----w- c:\users\IG\AppData\Local\cache 2014-02-06 14:43 . 2014-03-01 09:26 -------- d-----w- c:\users\IG\AppData\Local\genienext 2014-02-06 14:43 . 
2014-02-06 17:49 -------- d-----w- c:\users\IG\AppData\Local\Mobogenie 2014-02-06 14:43 . 2014-02-06 17:37 -------- d-----w- c:\users\IG\AppData\Roaming\systweak 2014-02-06 14:42 . 2014-02-06 14:42 -------- d-----w- c:\users\IG\AppData\Local\Hexonic_Software 2014-02-06 14:42 . 2014-02-06 14:43 -------- d-----w- c:\users\IG\AppData\Roaming\Hexonic Software 2014-02-06 14:42 . 2014-02-06 14:42 -------- d-----w- c:\program files\Hexonic ScanToPDF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-23 08:44 . 2012-11-06 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-23 08:44 . 2011-10-31 10:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-27 08:58 . 2009-10-03 08:16 231584 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-08-13 11:54 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}] 2013-12-11 15:49 184400 ----a-w- c:\program files\Avira\Internet Explorer\avira32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-08-13 2736736] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-08-13 2736736] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2013-11-14 20584608] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BrowserSafeguard"="c:\users\IG\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [2014-02-06 417792] "BrowserSafeguard Update Task"="c:\users\IG\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" [2014-02-06 3350528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] 
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736] "SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-09-08 10:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2007-10-01 14:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2011-06-09 16:52 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2011-06-09 16:52 3373968 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-08-23 16:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2007-01-12 18:36 323216 ----a-w- c:\program files\Napster\napster.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-19 20:05 8497696 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-19 20:05 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-09-19 20:05 86016 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] 2007-09-04 12:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-09-19 13:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-09-30 18:34 181544 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-03-18 13:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe] c:\program files\Tunebite\tunebite.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - AVIPBB . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ getPlusHelper REG_MULTI_SZ getPlusHelper LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] 2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 08:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49163;https=127.0.0.1:49163 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210628430 FF - ProfilePath - c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.meinvz.net/ FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: !HIDDEN! 2009-08-10 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2013-01-29 21:05; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file) BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file) WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file) HKLM-Run-NWEReboot - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB 
Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-03-03 13:58 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL1] "ImagePath"="\"c:\program files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt\" \"--defaults-file=c:\program files\GlobalSat Technology\Crivit Training Gym\MySQL\my2.ini\" MySQL1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-03-03 15:19:26 ComboFix-quarantined-files.txt 2014-03-03 14:19 . Vor Suchlauf: 13 Verzeichnis(se), 101.386.366.976 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 101.349.507.072 Bytes frei . - - End Of File - - 0C5E54DBC57240015AC4EECB1B633D49 1A1A06F62E891045814007163C1C76C3 |
04.03.2014, 11:44 | #4 |
/// the machine /// TB Trainer | Firefox keeps opening ad tabs - Anti-Malware no longer finds anything Please delete ComboFix, download it again, and run it once more.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
04.03.2014, 14:22 | #5 |
| Firefox keeps opening ad tabs - Anti-Malware no longer finds anything Ran it again: Code:
ATTFilter ComboFix 14-03-04.01 - IG 04.03.2014 12:43:02.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1121 [GMT 1:00] ausgeführt von:: c:\users\IG\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep\8.3\background.html c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep\8.3\Cc1tBFC0.js c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep\8.3\content.js c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep\8.3\lsdb.js c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcepgedfnliibkdeeenplgghgdiaeep\8.3\manifest.json c:\users\IG\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\oiao@dpoz.edu c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\oiao@dpoz.edu\bootstrap.js c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\oiao@dpoz.edu\chrome.manifest c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\oiao@dpoz.edu\content\bg.js c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\oiao@dpoz.edu\install.rdf c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\wg-4lpnr@ieoaetpa.net c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\wg-4lpnr@ieoaetpa.net\bootstrap.js 
c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\wg-4lpnr@ieoaetpa.net\chrome.manifest c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\wg-4lpnr@ieoaetpa.net\content\bg.js c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\extensions\wg-4lpnr@ieoaetpa.net\install.rdf c:\windows\system32\drivers\~GLH0014.TMP c:\windows\system32\KBL.LOG . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-04 bis 2014-03-04 )))))))))))))))))))))))))))))) . . 2014-03-04 11:57 . 2014-03-04 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-03 12:42 . 2014-03-03 12:45 -------- d-----w- c:\program files\Avira 2014-03-03 10:40 . 2014-03-03 10:40 -------- d-----w- c:\program files\McAfee Security Scan 2014-03-03 10:19 . 2014-03-03 10:29 -------- d-----w- C:\FRST 2014-03-02 09:43 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2014-03-02 09:43 . 2014-03-02 11:24 -------- d-----w- c:\programdata\Spyware Terminator 2014-03-02 09:43 . 2014-03-02 09:43 -------- d-----w- c:\users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 09:43 . 2014-03-02 09:44 -------- d-----w- c:\program files\Spyware Terminator 2014-03-01 16:47 . 2014-03-01 16:47 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-03-01 08:17 . 2014-03-01 08:17 -------- d-----w- c:\users\IG\AppData\Roaming\Malwarebytes 2014-03-01 08:16 . 2014-03-01 08:16 -------- d-----w- c:\programdata\Malwarebytes 2014-03-01 08:16 . 2014-03-01 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-03-01 08:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-28 18:58 . 2014-03-01 11:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-02-28 18:58 . 2014-03-01 11:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2014-02-28 14:09 . 
2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D819146A-5261-4519-8393-A678B3C45865}\mpengine.dll 2014-02-28 09:38 . 2014-02-28 09:38 -------- d-----w- c:\program files\ggreaTsaving 2014-02-27 18:02 . 2014-02-27 18:02 -------- d-----w- c:\program files\Common Files\Skype 2014-02-27 18:02 . 2014-02-27 18:02 -------- d-----r- c:\program files\Skype 2014-02-26 08:49 . 2014-02-28 09:42 -------- d-----w- c:\programdata\ggreaTsaving 2014-02-26 08:49 . 2014-02-28 09:38 -------- d-----w- c:\programdata\2ee81df3df7fe83 2014-02-26 08:49 . 2014-03-01 09:26 -------- d-----w- c:\programdata\TXTFilesConverrt 2014-02-26 08:49 . 2014-02-26 08:49 -------- d-----w- c:\programdata\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-25 07:49 . 2014-02-25 07:49 -------- d-----w- c:\windows\Migration 2014-02-25 07:43 . 2014-02-25 07:46 -------- d-----w- C:\65290b00188f4ab20dfc1ab9f309 2014-02-13 21:01 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll 2014-02-06 15:53 . 2014-03-02 14:15 -------- d-----w- c:\users\IG\AppData\Local\BrowserSafeguard 2014-02-06 14:44 . 2014-02-06 14:44 -------- d-----w- c:\users\IG\.android 2014-02-06 14:43 . 2014-02-06 14:49 -------- d-----w- c:\users\IG\AppData\Local\cache 2014-02-06 14:43 . 2014-03-01 09:26 -------- d-----w- c:\users\IG\AppData\Local\genienext 2014-02-06 14:43 . 2014-02-06 17:49 -------- d-----w- c:\users\IG\AppData\Local\Mobogenie 2014-02-06 14:43 . 2014-02-06 17:37 -------- d-----w- c:\users\IG\AppData\Roaming\systweak 2014-02-06 14:42 . 2014-02-06 14:42 -------- d-----w- c:\users\IG\AppData\Local\Hexonic_Software 2014-02-06 14:42 . 2014-02-06 14:43 -------- d-----w- c:\users\IG\AppData\Roaming\Hexonic Software 2014-02-06 14:42 . 2014-02-06 14:42 -------- d-----w- c:\program files\Hexonic ScanToPDF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-23 08:44 . 
2012-11-06 18:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-23 08:44 . 2011-10-31 10:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-27 08:58 . 2009-10-03 08:16 231584 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-08-13 11:54 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}] 2013-12-11 15:49 184400 ----a-w- c:\program files\Avira\Internet Explorer\avira32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-08-13 2736736] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-08-13 2736736] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2013-11-14 20584608] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BrowserSafeguard"="c:\users\IG\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe" [2014-02-06 417792] "BrowserSafeguard Update Task"="c:\users\IG\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" [2014-02-06 3350528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736] "SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-09-08 10:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2007-10-01 14:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2011-06-09 16:52 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2011-06-09 16:52 3373968 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-08-23 16:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2007-01-19 10:55 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2007-01-12 18:36 323216 ----a-w- c:\program files\Napster\napster.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-19 20:05 8497696 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-19 20:05 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-09-19 20:05 86016 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] 2007-09-04 12:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-09-19 13:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-09-30 18:34 181544 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-03-18 13:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe] c:\program files\Tunebite\tunebite.exe [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - avipbb . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ getPlusHelper REG_MULTI_SZ getPlusHelper LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] 2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 08:45] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49158;https=127.0.0.1:49158 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210628430 FF - ProfilePath - c:\users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.meinvz.net/ FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: !HIDDEN! 2009-08-10 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2013-01-29 21:05; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-03-04 12:57 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL1] "ImagePath"="\"c:\program files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt\" \"--defaults-file=c:\program files\GlobalSat Technology\Crivit Training Gym\MySQL\my2.ini\" MySQL1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-03-04 14:18:08 ComboFix-quarantined-files.txt 2014-03-04 13:18 ComboFix2.txt 2014-03-03 14:20 . Vor Suchlauf: 18 Verzeichnis(se), 101.368.016.896 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 101.342.781.440 Bytes frei . 
- - End Of File - - D18A32DBE4F5F30179BC3F20AD126AD5 1A1A06F62E891045814007163C1C76C3 |
05.03.2014, 12:23 | #6 |
/// the machine /// TB instructor | Firefox constantly opens ad tabs - Anti-Malware no longer finds anything Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
05.03.2014, 14:24 | #7 |
| Firefox constantly opens ad tabs - Anti-Malware no longer finds anything Hello, here are the results: Malware Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
IG :: IG-PC [Administrator]

05.03.2014 14:05:24
mbam-log-2014-03-05 (14-05-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228755
Laufzeit: 16 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
05.03.2014, 15:04 | #8 |
| Firefox constantly opens ad tabs - Anti-Malware no longer finds anything AdwCleaner is too large, I have to zip it: |
05.03.2014, 15:05 | #9 |
| Firefox constantly opens ad tabs - Anti-Malware no longer finds anything JRT.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by IG on 05.03.2014 at 14:38:18,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2561989257-1036546166-1193492379-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\IG\AppData\Roaming\mozilla\firefox\profiles\38p1fbqq.default\prefs.js

user_pref("CT2269050./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT2269050./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l

Emptied folder: C:\Users\IG\AppData\Roaming\mozilla\firefox\profiles\38p1fbqq.default\minidumps [401 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2014 at 14:44:24,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by IG (administrator) on IG-PC on 05-03-2014 14:48:50 Running from C:\Users\IG\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Check Point Software Technologies LTD) C:\Windows\System32\ZoneLabs\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE () C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt.exe () C:\Program Files\CDBurnerXP\NMSAccessU.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Check Point Software Technologies LTD) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [ZoneAlarm Client] - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [959976 2008-03-03] (Check Point Software Technologies LTD) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) 
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [940944 2011-06-09] (Samsung) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49159;https=127.0.0.1:49159 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files\avira\Internet Explorer\avira32.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210628430 DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: haufereader - No CLSID Value - Handler: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default FF Homepage: hxxp://www.meinvz.net/ FF NetworkProxy: "user_pref("extension.gacela.network.proxy.autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac"); FF NetworkProxy: "user_pref("extension.gacela.network.proxy.type", 5); FF NetworkProxy: "autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac" FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\IG\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) 
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Savings Advisor - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\ciuvo-extension@avira.de [2014-03-03] FF Extension: FoxyProxy Standard - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\foxyproxy@eric.h.jung [2014-02-04] FF Extension: WEB.DE MailCheck - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\toolbar@web.de.xpi [2013-01-26] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 
AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 MySQL1; C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\my2.ini [2278 2008-04-25] () R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-03-09] () R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com) S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) R2 vsmon; C:\Windows\System32\ZoneLabs\vsmon.exe [79400 2008-03-03] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. 
KG) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [15872 2008-07-10] (CSR, plc) R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-18] (Sonic Solutions) R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-18] (Sonic Solutions) R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.) R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [44320 2008-10-15] (RapidSolution Software AG) R3 TotRec7; C:\Windows\System32\drivers\TotRec7.sys [127496 2008-10-23] (High Criteria inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [279440 2008-03-03] (Check Point Software Technologies LTD) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S1 ASPI32; No ImagePath S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\IG\AppData\Local\Temp\catchme.sys [X] U1 eabfiltr; S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 siusbmod; system32\DRIVERS\siusbmod.sys [X] S3 SymIM; system32\DRIVERS\SymIM.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 14:44 - 2014-03-05 14:44 - 00002492 _____ () C:\Users\IG\Desktop\JRT.txt 2014-03-05 14:38 - 2014-03-05 14:38 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 14:36 - 
2014-03-05 14:36 - 01037734 _____ (Thisisu) C:\Users\IG\Downloads\JRT.exe 2014-03-05 14:24 - 2014-03-05 14:28 - 00000000 ____D () C:\AdwCleaner 2014-03-05 14:23 - 2014-03-05 14:23 - 01244192 _____ () C:\Users\IG\Downloads\adwcleaner.exe 2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Avira 2014-03-04 14:37 - 2014-03-04 14:37 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-04 14:36 - 2014-03-04 14:36 - 00000000 ____D () C:\ProgramData\Avira 2014-03-04 14:36 - 2014-02-14 11:00 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-04 14:36 - 2014-02-14 11:00 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-04 14:36 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-04 14:18 - 2014-03-04 14:18 - 00019084 _____ () C:\ComboFix.txt 2014-03-04 12:40 - 2014-03-04 14:18 - 00000000 ____D () C:\ComboFix 2014-03-04 12:36 - 2014-03-04 12:37 - 05187080 ____R (Swearware) C:\Users\IG\Desktop\ComboFix.exe 2014-03-03 13:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-03 13:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-03 13:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-03 13:49 - 2014-03-04 14:18 - 00000000 ____D () C:\Qoobox 2014-03-03 13:48 - 2014-03-03 13:59 - 00000000 ____D () C:\Windows\erdnt 2014-03-03 13:42 - 2014-03-04 14:36 - 00000000 ____D () C:\Program Files\Avira 2014-03-03 13:25 - 
2014-03-03 13:32 - 137004504 _____ () C:\Users\IG\Downloads\avira_free_antivirus_de.exe 2014-03-03 13:14 - 2014-03-03 13:15 - 05185084 _____ (Swearware) C:\Users\IG\Downloads\ComboFix.exe 2014-03-03 12:44 - 2014-03-03 12:44 - 00005279 _____ () C:\Users\IG\Desktop\gmer.log 2014-03-03 11:42 - 2014-03-03 11:42 - 00380416 _____ () C:\Users\IG\Downloads\Gmer-19357.exe 2014-03-03 11:41 - 2014-03-03 11:41 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-03 11:40 - 2014-03-03 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-03 11:31 - 2014-03-03 11:31 - 00048582 _____ () C:\Users\IG\Desktop\FRST.txt 2014-03-03 11:31 - 2014-03-03 11:31 - 00039482 _____ () C:\Users\IG\Desktop\Addition.txt 2014-03-03 11:22 - 2014-03-03 11:29 - 00039483 _____ () C:\Users\IG\Downloads\Addition.txt 2014-03-03 11:19 - 2014-03-05 14:48 - 00018078 _____ () C:\Users\IG\Downloads\FRST.txt 2014-03-03 11:19 - 2014-03-05 14:48 - 00000000 ____D () C:\FRST 2014-03-03 11:18 - 2014-03-03 11:19 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe 2014-03-03 11:17 - 2014-03-03 11:18 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log 2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable 2014-03-03 11:16 - 2014-03-03 11:17 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe 2014-03-02 10:43 - 2014-03-02 12:24 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:44 - 00000000 ____D () C:\Program Files\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 10:43 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys 2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-03-01 17:47 - 
2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () C:\Users\IG\Downloads\bookmarks-2014-03-01.json 2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 09:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-01 09:15 - 2014-03-01 09:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe 2014-02-28 19:58 - 2014-03-01 12:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-02-28 19:58 - 2014-03-01 12:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-28 19:55 - 2014-02-28 19:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe 2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. 
) C:\Users\IG\Downloads\spybot-2.2.25.exe.part 2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe 2014-02-28 13:44 - 2014-03-05 07:21 - 00196950 _____ () C:\Windows\PFRO.log 2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-26 09:49 - 2014-03-01 10:26 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt 2014-02-26 09:49 - 2014-02-28 10:42 - 00000000 ____D () C:\ProgramData\ggreaTsaving 2014-02-26 09:49 - 2014-02-28 10:38 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83 2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-25 08:43 - 2014-02-25 08:46 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309 2014-02-14 19:31 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-13 22:38 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 22:38 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 22:38 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 22:38 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 22:38 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 22:38 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 22:38 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 22:38 - 2014-02-05 
09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 22:38 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 22:38 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 22:38 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 22:38 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-13 22:38 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 22:01 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-06 20:56 - 2014-02-06 20:58 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt 2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com 2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill 2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg 2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-02-06 17:21 - 2014-02-06 17:22 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg 2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android 2014-02-06 15:43 - 2014-02-06 15:49 - 00000000 ____D () C:\Users\IG\AppData\Local\cache 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt 2014-02-06 15:42 - 2014-02-06 15:43 - 00000000 ____D () 
C:\Users\IG\AppData\Roaming\Hexonic Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF 2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe ==================== One Month Modified Files and Folders ======= 2014-03-05 14:49 - 2014-03-03 11:19 - 00018078 _____ () C:\Users\IG\Downloads\FRST.txt 2014-03-05 14:48 - 2014-03-03 11:19 - 00000000 ____D () C:\FRST 2014-03-05 14:44 - 2014-03-05 14:44 - 00002492 _____ () C:\Users\IG\Desktop\JRT.txt 2014-03-05 14:44 - 2012-11-06 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 14:38 - 2014-03-05 14:38 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 14:36 - 2014-03-05 14:36 - 01037734 _____ (Thisisu) C:\Users\IG\Downloads\JRT.exe 2014-03-05 14:36 - 2008-01-25 13:59 - 01749988 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 14:32 - 2008-03-07 21:04 - 00352614 ____H () C:\Windows\system32\Drivers\vsconfig.xml 2014-03-05 14:31 - 2008-03-05 17:22 - 00027050 _____ () C:\Users\IG\AppData\Roaming\nvModes.001 2014-03-05 14:31 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 14:31 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 14:31 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 14:29 - 2008-07-24 12:31 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-05 14:29 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-05 14:28 - 2014-03-05 14:24 - 00000000 ____D () C:\AdwCleaner 2014-03-05 14:26 - 2013-01-29 21:05 - 00000000 ____D () C:\Program 
Files\Common Files\DVDVideoSoft 2014-03-05 14:26 - 2010-01-26 19:56 - 00000000 ____D () C:\ProgramData\ICQ 2014-03-05 14:23 - 2014-03-05 14:23 - 01244192 _____ () C:\Users\IG\Downloads\adwcleaner.exe 2014-03-05 13:58 - 2008-04-06 15:05 - 40649728 _____ () C:\Users\IG\Outlook Sicherung.pst 2014-03-05 07:21 - 2014-02-28 13:44 - 00196950 _____ () C:\Windows\PFRO.log 2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Avira 2014-03-04 14:37 - 2014-03-04 14:37 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-04 14:36 - 2014-03-04 14:36 - 00000000 ____D () C:\ProgramData\Avira 2014-03-04 14:36 - 2014-03-03 13:42 - 00000000 ____D () C:\Program Files\Avira 2014-03-04 14:18 - 2014-03-04 14:18 - 00019084 _____ () C:\ComboFix.txt 2014-03-04 14:18 - 2014-03-04 12:40 - 00000000 ____D () C:\ComboFix 2014-03-04 14:18 - 2014-03-03 13:49 - 00000000 ____D () C:\Qoobox 2014-03-04 12:57 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-03-04 12:37 - 2014-03-04 12:36 - 05187080 ____R (Swearware) C:\Users\IG\Desktop\ComboFix.exe 2014-03-03 15:50 - 2006-11-02 11:33 - 01609096 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-03 15:20 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-03-03 15:20 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-03-03 13:59 - 2014-03-03 13:48 - 00000000 ____D () C:\Windows\erdnt 2014-03-03 13:32 - 2014-03-03 13:25 - 137004504 _____ () C:\Users\IG\Downloads\avira_free_antivirus_de.exe 2014-03-03 13:15 - 2014-03-03 13:14 - 05185084 _____ (Swearware) C:\Users\IG\Downloads\ComboFix.exe 2014-03-03 12:44 - 2014-03-03 12:44 - 00005279 _____ () C:\Users\IG\Desktop\gmer.log 2014-03-03 11:42 - 2014-03-03 11:42 - 00380416 _____ () C:\Users\IG\Downloads\Gmer-19357.exe 2014-03-03 11:41 - 2014-03-03 11:41 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-03 11:40 - 2014-03-03 11:40 - 00000000 ____D () C:\Program Files\McAfee Security 
Scan 2014-03-03 11:31 - 2014-03-03 11:31 - 00048582 _____ () C:\Users\IG\Desktop\FRST.txt 2014-03-03 11:31 - 2014-03-03 11:31 - 00039482 _____ () C:\Users\IG\Desktop\Addition.txt 2014-03-03 11:29 - 2014-03-03 11:22 - 00039483 _____ () C:\Users\IG\Downloads\Addition.txt 2014-03-03 11:19 - 2014-03-03 11:18 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe 2014-03-03 11:18 - 2014-03-03 11:17 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log 2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable 2014-03-03 11:17 - 2014-03-03 11:16 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe 2014-03-03 11:17 - 2008-03-03 18:58 - 00000000 ____D () C:\Users\IG 2014-03-03 10:49 - 2008-04-15 19:44 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-03-02 12:24 - 2014-03-02 10:43 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-02 10:44 - 2014-03-02 10:43 - 00000000 ____D () C:\Program Files\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-03-01 17:47 - 2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-01 17:47 - 2014-02-14 19:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () C:\Users\IG\Downloads\bookmarks-2014-03-01.json 2014-03-01 17:27 - 2012-10-04 13:50 - 00038912 _____ () C:\Users\IG\Desktop\Strom_Haus.xls 2014-03-01 12:57 - 2014-02-28 19:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-03-01 12:46 - 2014-02-28 19:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-01 
12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-03-01 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning 2014-03-01 10:26 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt 2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 09:16 - 2014-03-01 09:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-01 09:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe 2014-02-28 19:57 - 2014-02-28 19:55 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe 2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. 
) C:\Users\IG\Downloads\spybot-2.2.25.exe.part 2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe 2014-02-28 18:15 - 2010-09-16 18:40 - 00000000 ____D () C:\Users\IG\Documents\Lauftraining 2014-02-28 11:13 - 2013-12-19 06:37 - 00068096 _____ () C:\Users\IG\Desktop\Urlaub und Arbeitszeit.xls 2014-02-28 11:03 - 2008-03-04 18:49 - 00000000 ____D () C:\Program Files\Google 2014-02-28 10:42 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\ggreaTsaving 2014-02-28 10:39 - 2008-03-04 18:50 - 00000000 ____D () C:\ProgramData\Google 2014-02-28 10:39 - 2008-03-04 18:49 - 00000000 ____D () C:\Users\IG\AppData\Local\Google 2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving 2014-02-28 10:38 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83 2014-02-28 10:32 - 2009-01-11 20:01 - 00000000 ____D () C:\Windows\Minidump 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-27 19:02 - 2008-03-04 18:49 - 00000000 ____D () C:\ProgramData\Skype 2014-02-27 09:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-26 18:34 - 2009-08-23 08:42 - 00000000 ____D () C:\Users\IG\Documents\Ilka 2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-26 09:49 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-25 18:20 - 2008-03-18 17:15 - 00000000 ____D () C:\Users\IG\AppData\Roaming\XnView 2014-02-25 08:46 - 2014-02-25 08:43 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309 2014-02-23 09:44 - 2012-11-06 19:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 09:44 - 2011-10-31 11:46 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-22 12:43 - 2007-10-24 08:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-21 12:23 - 2009-02-16 19:47 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-02-15 16:54 - 2014-01-07 18:06 - 00000000 ____D () C:\Users\IG\Documents\A_Kind 2014-02-14 11:00 - 2014-03-04 14:36 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-14 11:00 - 2014-03-04 14:36 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-14 11:00 - 2014-03-04 14:36 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-14 11:00 - 2008-03-04 18:48 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-13 22:46 - 2013-08-14 19:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-13 22:40 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-06 20:58 - 2014-02-06 20:56 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt 2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com 2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill 2014-02-06 20:51 - 2012-01-31 06:38 - 00001356 _____ () C:\Users\IG\AppData\Local\d3d9caps.dat 2014-02-06 19:02 - 2006-11-02 13:47 - 00320280 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg 2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-02-06 18:56 - 2010-01-25 20:46 - 00000000 ____D () C:\Users\IG\.CABAReTStage_4.2 2014-02-06 18:56 - 2010-01-25 20:45 - 00000000 ____D () C:\Program Files\CABAReT Stage 4.2 2014-02-06 18:56 - 2007-10-24 08:38 - 00000000 ____D () C:\Program Files\Alice 2014-02-06 18:55 - 2007-10-24 08:29 - 00000000 ____D () C:\Program 
Files\CyberLink 2014-02-06 18:55 - 2007-10-24 07:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-06 18:44 - 2010-03-25 05:16 - 00000000 ____D () C:\Program Files\Opera 2014-02-06 18:42 - 2008-07-25 10:56 - 00000000 ____D () C:\Program Files\PDF Blender 2014-02-06 18:42 - 2008-03-03 18:58 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:40 - 2008-10-27 21:57 - 00000000 ____D () C:\Program Files\LitexMedia 2014-02-06 18:38 - 2008-09-08 18:52 - 00000000 ____D () C:\Program Files\SCHLECKER 2014-02-06 17:22 - 2014-02-06 17:21 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg 2014-02-06 16:54 - 2008-03-03 19:11 - 00076664 _____ () C:\Users\IG\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-06 15:49 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Local\cache 2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt 2014-02-06 15:43 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Hexonic Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF 2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe 2014-02-05 09:58 - 2014-02-13 
22:38 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-13 22:38 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-13 22:38 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-13 22:38 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-13 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-13 22:38 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-13 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-13 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-13 22:38 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-13 22:38 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\Users\IG\lame_enc.dll C:\Users\IG\setup.exe Some content of TEMP: ==================== C:\Users\IG\AppData\Local\Temp\avgnt.exe C:\Users\IG\AppData\Local\Temp\catchme.dll C:\Users\IG\AppData\Local\Temp\Quarantine.exe 
C:\Users\IG\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\IG\AppData\Local\Temp\System.Data.SQLite13537.dll C:\Users\IG\AppData\Local\Temp\System.Data.SQLite44685.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-05 14:39 ==================== End Of Log ============================ |
06.03.2014, 10:46 | #10 |
/// the machine /// TB Trainer | Firefox permanently opens ad tabs - Anti-Malware no longer finds anything
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
06.03.2014, 16:24 | #11 |
| Firefox permanently opens ad tabs - Anti-Malware no longer finds anything
Here is the start - ESET log file:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02a18282294cc944b1cb066434787968
# engine=17337
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-06 01:51:59
# local_time=2014-03-06 02:51:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16774142 0 5 13444 1745469 0 0
# compatibility_mode=5892 16776574 100 100 111346 231646647 0 0
# compatibility_mode=7937 16777214 28 75 360469 29159167 0 0
# compatibility_mode=9217 16777214 75 66 89410115 189568027 0 0
# scanned=237784
# found=0
# cleaned=0
# scan_time=13135
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79
 Windows Vista Service Pack 2 x86 (UAC is enabled)
 Internet Explorer 9
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Terminator 2012
 Malwarebytes Anti-Malware Version 1.75.0.1300
 CCleaner (remove only)
 Java 7 Update 40
 Java(TM) 6 Update 2
 Java version out of Date!
 Adobe Flash Player 12.0.0.70
 Adobe Reader 10.1.9 Adobe Reader out of Date!
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
 Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by IG (administrator) on IG-PC on 06-03-2014 15:54:36 Running from C:\Users\IG\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Check Point Software Technologies LTD) C:\Windows\System32\ZoneLabs\vsmon.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE () C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\bin\mysqld-nt.exe () C:\Program Files\CDBurnerXP\NMSAccessU.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Check Point Software Technologies LTD) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [ZoneAlarm Client] - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [959976 2008-03-03] (Check Point Software Technologies LTD) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (CANON INC.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-19] (NVIDIA Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [940944 2011-06-09] (Samsung) HKU\S-1-5-21-2561989257-1036546166-1193492379-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:49159;https=127.0.0.1:49159 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files\avira\Internet Explorer\avira32.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1210628430 DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: haufereader - No CLSID Value - Handler: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default FF Homepage: hxxp://www.meinvz.net/ FF NetworkProxy: "user_pref("extension.gacela.network.proxy.autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac"); FF NetworkProxy: "user_pref("extension.gacela.network.proxy.type", 5); FF NetworkProxy: "autoconfig_url", "file:///C:/Users/IG/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4917ded2.pac" FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\IG\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) 
FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Savings Advisor - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\ciuvo-extension@avira.de [2014-03-03] FF Extension: FoxyProxy Standard - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\foxyproxy@eric.h.jung [2014-02-04] FF Extension: WEB.DE MailCheck - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\toolbar@web.de.xpi [2013-01-26] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\IG\AppData\Roaming\Mozilla\Firefox\Profiles\38p1fbqq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= S3 
Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 MySQL1; C:\Program Files\GlobalSat Technology\Crivit Training Gym\MySQL\my2.ini [2278 2008-04-25] () R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-03-09] () R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-09-30] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-09-30] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com) S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) R2 vsmon; C:\Windows\System32\ZoneLabs\vsmon.exe [79400 2008-03-03] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [15872 2008-07-10] (CSR, plc) R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-18] (Sonic Solutions) R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-18] (Sonic Solutions) R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.) R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.) 
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [44320 2008-10-15] (RapidSolution Software AG) R3 TotRec7; C:\Windows\System32\drivers\TotRec7.sys [127496 2008-10-23] (High Criteria inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [279440 2008-03-03] (Check Point Software Technologies LTD) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S1 ASPI32; No ImagePath R4 avkmgr; system32\DRIVERS\avkmgr.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\IG\AppData\Local\Temp\catchme.sys [X] U1 eabfiltr; S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 siusbmod; system32\DRIVERS\siusbmod.sys [X] S3 SymIM; system32\DRIVERS\SymIM.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-06 15:48 - 2014-03-06 15:48 - 00987425 _____ () C:\Users\IG\Downloads\SecurityCheck.exe 2014-03-06 15:47 - 2014-03-06 15:47 - 00000000 ____D () C:\Users\IG\Documents\ESET 2014-03-06 11:08 - 2014-03-06 11:08 - 02347384 _____ (ESET) C:\Users\IG\Downloads\esetsmartinstaller_enu(1).exe 2014-03-06 11:08 - 2014-03-06 11:08 - 00000000 _____ () C:\ProgramData\rebootpending.txt 2014-03-06 10:56 - 2014-03-06 10:56 - 02347384 _____ (ESET) C:\Users\IG\Downloads\esetsmartinstaller_enu.exe 2014-03-05 15:00 - 2014-03-05 15:00 - 00032147 _____ () C:\Users\IG\Desktop\AdwCleaner[S0].zip 2014-03-05 14:59 - 2014-03-05 14:59 - 
01110476 _____ () C:\Users\IG\Downloads\7z920.exe 2014-03-05 14:59 - 2014-03-05 14:59 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-05 14:57 - 2014-03-05 14:57 - 00134812 _____ () C:\Users\IG\Desktop\AdwCleaner[S0].txt 2014-03-05 14:44 - 2014-03-05 14:44 - 00002492 _____ () C:\Users\IG\Desktop\JRT.txt 2014-03-05 14:38 - 2014-03-05 14:38 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 14:36 - 2014-03-05 14:36 - 01037734 _____ (Thisisu) C:\Users\IG\Downloads\JRT.exe 2014-03-05 14:24 - 2014-03-05 14:28 - 00000000 ____D () C:\AdwCleaner 2014-03-05 14:23 - 2014-03-05 14:23 - 01244192 _____ () C:\Users\IG\Downloads\adwcleaner.exe 2014-03-04 14:18 - 2014-03-04 14:18 - 00019084 _____ () C:\ComboFix.txt 2014-03-04 12:40 - 2014-03-04 14:18 - 00000000 ____D () C:\ComboFix 2014-03-04 12:36 - 2014-03-04 12:37 - 05187080 ____R (Swearware) C:\Users\IG\Desktop\ComboFix.exe 2014-03-03 13:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-03 13:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-03 13:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-03 13:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-03 13:49 - 2014-03-04 14:18 - 00000000 ____D () C:\Qoobox 2014-03-03 13:48 - 2014-03-03 13:59 - 00000000 ____D () C:\Windows\erdnt 2014-03-03 13:42 - 2014-03-04 14:36 - 00000000 ____D () C:\Program Files\Avira 2014-03-03 13:25 - 2014-03-03 13:32 - 137004504 _____ () C:\Users\IG\Downloads\avira_free_antivirus_de.exe 2014-03-03 13:14 - 2014-03-03 13:15 - 05185084 _____ (Swearware) C:\Users\IG\Downloads\ComboFix.exe 2014-03-03 12:44 - 2014-03-03 12:44 - 00005279 _____ () 
C:\Users\IG\Desktop\gmer.log 2014-03-03 11:42 - 2014-03-03 11:42 - 00380416 _____ () C:\Users\IG\Downloads\Gmer-19357.exe 2014-03-03 11:41 - 2014-03-03 11:41 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-03 11:40 - 2014-03-03 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-03 11:31 - 2014-03-03 11:31 - 00048582 _____ () C:\Users\IG\Desktop\FRST.txt 2014-03-03 11:31 - 2014-03-03 11:31 - 00039482 _____ () C:\Users\IG\Desktop\Addition.txt 2014-03-03 11:22 - 2014-03-03 11:29 - 00039483 _____ () C:\Users\IG\Downloads\Addition.txt 2014-03-03 11:19 - 2014-03-06 15:54 - 00017430 _____ () C:\Users\IG\Downloads\FRST.txt 2014-03-03 11:19 - 2014-03-06 15:54 - 00000000 ____D () C:\FRST 2014-03-03 11:18 - 2014-03-03 11:19 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe 2014-03-03 11:17 - 2014-03-03 11:18 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log 2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable 2014-03-03 11:16 - 2014-03-03 11:17 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe 2014-03-02 10:43 - 2014-03-06 11:05 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:44 - 00000000 ____D () C:\Program Files\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 10:43 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys 2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-03-01 17:47 - 2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () 
C:\Users\IG\Downloads\bookmarks-2014-03-01.json 2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 09:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-01 09:15 - 2014-03-01 09:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe 2014-02-28 19:58 - 2014-03-01 12:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-02-28 19:58 - 2014-03-01 12:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-28 19:55 - 2014-02-28 19:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe 2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. 
) C:\Users\IG\Downloads\spybot-2.2.25.exe.part 2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe 2014-02-28 13:44 - 2014-03-05 07:21 - 00196950 _____ () C:\Windows\PFRO.log 2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-26 09:49 - 2014-03-01 10:26 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt 2014-02-26 09:49 - 2014-02-28 10:42 - 00000000 ____D () C:\ProgramData\ggreaTsaving 2014-02-26 09:49 - 2014-02-28 10:38 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83 2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-25 08:43 - 2014-02-25 08:46 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309 2014-02-14 19:31 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-13 22:38 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 22:38 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 22:38 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 22:38 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 22:38 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 22:38 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 22:38 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 22:38 - 2014-02-05 
09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 22:38 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 22:38 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 22:38 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 22:38 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 22:38 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-13 22:38 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 22:01 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-06 20:56 - 2014-02-06 20:58 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt 2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com 2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill 2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg 2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-02-06 17:21 - 2014-02-06 17:22 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg 2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android 2014-02-06 15:43 - 2014-02-06 15:49 - 00000000 ____D () C:\Users\IG\AppData\Local\cache 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt 2014-02-06 15:42 - 2014-02-06 15:43 - 00000000 ____D () 
C:\Users\IG\AppData\Roaming\Hexonic Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF 2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe ==================== One Month Modified Files and Folders ======= 2014-03-06 15:55 - 2014-03-03 11:19 - 00017430 _____ () C:\Users\IG\Downloads\FRST.txt 2014-03-06 15:54 - 2014-03-03 11:19 - 00000000 ____D () C:\FRST 2014-03-06 15:48 - 2014-03-06 15:48 - 00987425 _____ () C:\Users\IG\Downloads\SecurityCheck.exe 2014-03-06 15:47 - 2014-03-06 15:47 - 00000000 ____D () C:\Users\IG\Documents\ESET 2014-03-06 15:44 - 2012-11-06 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-06 15:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-06 15:02 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-06 11:08 - 2014-03-06 11:08 - 02347384 _____ (ESET) C:\Users\IG\Downloads\esetsmartinstaller_enu(1).exe 2014-03-06 11:08 - 2014-03-06 11:08 - 00000000 _____ () C:\ProgramData\rebootpending.txt 2014-03-06 11:06 - 2008-01-25 13:59 - 01771066 _____ () C:\Windows\WindowsUpdate.log 2014-03-06 11:05 - 2014-03-02 10:43 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-03-06 11:03 - 2008-03-07 21:04 - 00352614 ____H () C:\Windows\system32\Drivers\vsconfig.xml 2014-03-06 11:02 - 2008-03-05 17:22 - 00027050 _____ () C:\Users\IG\AppData\Roaming\nvModes.001 2014-03-06 11:02 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-06 11:00 - 2008-07-24 12:31 - 00000012 _____ () C:\Windows\bthservsdp.dat 
2014-03-06 11:00 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-06 10:58 - 2008-04-06 15:05 - 40649728 _____ () C:\Users\IG\Outlook Sicherung.pst 2014-03-06 10:56 - 2014-03-06 10:56 - 02347384 _____ (ESET) C:\Users\IG\Downloads\esetsmartinstaller_enu.exe 2014-03-05 15:00 - 2014-03-05 15:00 - 00032147 _____ () C:\Users\IG\Desktop\AdwCleaner[S0].zip 2014-03-05 14:59 - 2014-03-05 14:59 - 01110476 _____ () C:\Users\IG\Downloads\7z920.exe 2014-03-05 14:59 - 2014-03-05 14:59 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-05 14:57 - 2014-03-05 14:57 - 00134812 _____ () C:\Users\IG\Desktop\AdwCleaner[S0].txt 2014-03-05 14:44 - 2014-03-05 14:44 - 00002492 _____ () C:\Users\IG\Desktop\JRT.txt 2014-03-05 14:38 - 2014-03-05 14:38 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 14:36 - 2014-03-05 14:36 - 01037734 _____ (Thisisu) C:\Users\IG\Downloads\JRT.exe 2014-03-05 14:28 - 2014-03-05 14:24 - 00000000 ____D () C:\AdwCleaner 2014-03-05 14:26 - 2013-01-29 21:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-03-05 14:26 - 2010-01-26 19:56 - 00000000 ____D () C:\ProgramData\ICQ 2014-03-05 14:23 - 2014-03-05 14:23 - 01244192 _____ () C:\Users\IG\Downloads\adwcleaner.exe 2014-03-05 07:21 - 2014-02-28 13:44 - 00196950 _____ () C:\Windows\PFRO.log 2014-03-04 14:36 - 2014-03-03 13:42 - 00000000 ____D () C:\Program Files\Avira 2014-03-04 14:18 - 2014-03-04 14:18 - 00019084 _____ () C:\ComboFix.txt 2014-03-04 14:18 - 2014-03-04 12:40 - 00000000 ____D () C:\ComboFix 2014-03-04 14:18 - 2014-03-03 13:49 - 00000000 ____D () C:\Qoobox 2014-03-04 12:57 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-03-04 12:37 - 2014-03-04 12:36 - 05187080 ____R (Swearware) C:\Users\IG\Desktop\ComboFix.exe 2014-03-03 15:50 - 2006-11-02 11:33 - 01609096 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-03 15:20 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-03-03 15:20 - 2006-11-02 12:18 - 00000000 ___RD () 
C:\Users\Public 2014-03-03 13:59 - 2014-03-03 13:48 - 00000000 ____D () C:\Windows\erdnt 2014-03-03 13:32 - 2014-03-03 13:25 - 137004504 _____ () C:\Users\IG\Downloads\avira_free_antivirus_de.exe 2014-03-03 13:15 - 2014-03-03 13:14 - 05185084 _____ (Swearware) C:\Users\IG\Downloads\ComboFix.exe 2014-03-03 12:44 - 2014-03-03 12:44 - 00005279 _____ () C:\Users\IG\Desktop\gmer.log 2014-03-03 11:42 - 2014-03-03 11:42 - 00380416 _____ () C:\Users\IG\Downloads\Gmer-19357.exe 2014-03-03 11:41 - 2014-03-03 11:41 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-03 11:40 - 2014-03-03 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-03 11:31 - 2014-03-03 11:31 - 00048582 _____ () C:\Users\IG\Desktop\FRST.txt 2014-03-03 11:31 - 2014-03-03 11:31 - 00039482 _____ () C:\Users\IG\Desktop\Addition.txt 2014-03-03 11:29 - 2014-03-03 11:22 - 00039483 _____ () C:\Users\IG\Downloads\Addition.txt 2014-03-03 11:19 - 2014-03-03 11:18 - 01145344 _____ (Farbar) C:\Users\IG\Downloads\FRST.exe 2014-03-03 11:18 - 2014-03-03 11:17 - 00000466 _____ () C:\Users\IG\Downloads\defogger_disable.log 2014-03-03 11:17 - 2014-03-03 11:17 - 00000000 _____ () C:\Users\IG\defogger_reenable 2014-03-03 11:17 - 2014-03-03 11:16 - 00050477 _____ () C:\Users\IG\Downloads\Defogger.exe 2014-03-03 11:17 - 2008-03-03 18:58 - 00000000 ____D () C:\Users\IG 2014-03-03 10:49 - 2008-04-15 19:44 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-03-02 10:44 - 2014-03-02 10:43 - 00000000 ____D () C:\Program Files\Spyware Terminator 2014-03-02 10:43 - 2014-03-02 10:43 - 00000847 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk 2014-03-02 10:43 - 2014-03-02 10:43 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Spyware Terminator 2014-03-02 10:42 - 2014-03-02 10:42 - 05049344 _____ (Crawler.com ) C:\Users\IG\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2014-03-01 17:47 - 2014-03-01 17:47 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-01 
17:47 - 2014-03-01 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-01 17:47 - 2014-02-14 19:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-01 17:39 - 2014-03-01 17:39 - 00081520 _____ () C:\Users\IG\Downloads\bookmarks-2014-03-01.json 2014-03-01 17:27 - 2012-10-04 13:50 - 00038912 _____ () C:\Users\IG\Desktop\Strom_Haus.xls 2014-03-01 12:57 - 2014-02-28 19:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-03-01 12:46 - 2014-02-28 19:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-01 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-03-01 12:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning 2014-03-01 10:26 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\TXTFilesConverrt 2014-03-01 09:17 - 2014-03-01 09:17 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-01 09:16 - 2014-03-01 09:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-01 09:16 - 2014-03-01 09:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IG\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-01 09:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-01 09:02 - 2014-03-01 09:02 - 01727624 _____ () C:\Users\IG\Downloads\Adaware_Installer_11.1.5354.exe 2014-02-28 19:57 - 2014-02-28 19:55 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\IG\Downloads\spybot-2.2.25(1).exe 2014-02-28 19:42 - 2014-02-28 19:42 - 28410281 _____ (Safer-Networking Ltd. 
) C:\Users\IG\Downloads\spybot-2.2.25.exe.part 2014-02-28 19:42 - 2014-02-28 19:42 - 00000000 _____ () C:\Users\IG\Downloads\spybot-2.2.25.exe 2014-02-28 18:15 - 2010-09-16 18:40 - 00000000 ____D () C:\Users\IG\Documents\Lauftraining 2014-02-28 11:13 - 2013-12-19 06:37 - 00068096 _____ () C:\Users\IG\Desktop\Urlaub und Arbeitszeit.xls 2014-02-28 11:03 - 2008-03-04 18:49 - 00000000 ____D () C:\Program Files\Google 2014-02-28 10:42 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\ggreaTsaving 2014-02-28 10:39 - 2008-03-04 18:50 - 00000000 ____D () C:\ProgramData\Google 2014-02-28 10:39 - 2008-03-04 18:49 - 00000000 ____D () C:\Users\IG\AppData\Local\Google 2014-02-28 10:38 - 2014-02-28 10:38 - 00000000 ____D () C:\Program Files\ggreaTsaving 2014-02-28 10:38 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\2ee81df3df7fe83 2014-02-28 10:32 - 2009-01-11 20:01 - 00000000 ____D () C:\Windows\Minidump 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ___RD () C:\Program Files\Skype 2014-02-27 19:02 - 2014-02-27 19:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-02-27 19:02 - 2008-03-04 18:49 - 00000000 ____D () C:\ProgramData\Skype 2014-02-27 09:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-26 18:34 - 2009-08-23 08:42 - 00000000 ____D () C:\Users\IG\Documents\Ilka 2014-02-26 09:49 - 2014-02-26 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-02-26 09:49 - 2014-02-26 09:49 - 00000000 ____D () C:\ProgramData\mlhciejaipalaalpfphdmmpbklcpjpil 2014-02-26 09:49 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-25 18:20 - 2008-03-18 17:15 - 00000000 ____D () C:\Users\IG\AppData\Roaming\XnView 2014-02-25 08:46 - 2014-02-25 08:43 - 00000000 ____D () C:\65290b00188f4ab20dfc1ab9f309 2014-02-23 09:44 - 2012-11-06 19:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 09:44 - 2011-10-31 11:46 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-22 12:43 - 2007-10-24 08:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-21 12:23 - 2009-02-16 19:47 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-02-15 16:54 - 2014-01-07 18:06 - 00000000 ____D () C:\Users\IG\Documents\A_Kind 2014-02-14 11:00 - 2008-03-04 18:48 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-13 22:46 - 2013-08-14 19:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-13 22:40 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-06 20:58 - 2014-02-06 20:56 - 00002646 _____ () C:\Users\IG\Desktop\Rkill.txt 2014-02-06 20:56 - 2014-02-06 20:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\IG\Downloads\rkill.com 2014-02-06 20:56 - 2014-02-06 20:56 - 00000000 ____D () C:\Users\IG\Desktop\rkill 2014-02-06 20:51 - 2012-01-31 06:38 - 00001356 _____ () C:\Users\IG\AppData\Local\d3d9caps.dat 2014-02-06 19:02 - 2006-11-02 13:47 - 00320280 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-06 18:58 - 2014-02-06 18:58 - 00021726 _____ () C:\Users\IG\Documents\cc_20140206_1858.reg 2014-02-06 18:57 - 2014-02-06 18:57 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-02-06 18:56 - 2010-01-25 20:46 - 00000000 ____D () C:\Users\IG\.CABAReTStage_4.2 2014-02-06 18:56 - 2010-01-25 20:45 - 00000000 ____D () C:\Program Files\CABAReT Stage 4.2 2014-02-06 18:56 - 2007-10-24 08:38 - 00000000 ____D () C:\Program Files\Alice 2014-02-06 18:55 - 2007-10-24 08:29 - 00000000 ____D () C:\Program Files\CyberLink 2014-02-06 18:55 - 2007-10-24 07:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-06 18:44 - 2010-03-25 05:16 - 00000000 ____D () C:\Program Files\Opera 2014-02-06 18:42 - 2008-07-25 10:56 - 00000000 ____D () C:\Program Files\PDF Blender 2014-02-06 18:42 - 2008-03-03 18:58 - 00000000 ____D () 
C:\Users\IG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:42 - 2007-10-24 08:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-02-06 18:40 - 2008-10-27 21:57 - 00000000 ____D () C:\Program Files\LitexMedia 2014-02-06 18:38 - 2008-09-08 18:52 - 00000000 ____D () C:\Program Files\SCHLECKER 2014-02-06 17:22 - 2014-02-06 17:21 - 00376642 _____ () C:\Users\IG\Documents\cc_20140206_1721.reg 2014-02-06 16:54 - 2008-03-03 19:11 - 00076664 _____ () C:\Users\IG\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-06 15:49 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\AppData\Local\cache 2014-02-06 15:44 - 2014-02-06 15:44 - 00000000 ____D () C:\Users\IG\.android 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 ____D () C:\Users\IG\Documents\Hexonic ScanToPDF Dokumente 2014-02-06 15:43 - 2014-02-06 15:43 - 00000000 _____ () C:\Users\IG\daemonprocess.txt 2014-02-06 15:43 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Roaming\Hexonic Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000907 _____ () C:\Users\Public\Desktop\Hexonic ScanToPDF.lnk 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Users\IG\AppData\Local\Hexonic_Software 2014-02-06 15:42 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Hexonic ScanToPDF 2014-02-06 15:39 - 2014-02-06 15:39 - 01319678 _____ (Hexonic Software ) C:\Users\IG\Desktop\HexonicScanToPDFSetup.exe 2014-02-05 09:58 - 2014-02-13 22:38 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-13 22:38 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-13 22:38 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-13 22:38 - 01105408 
_____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-13 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-13 22:38 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-13 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-13 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-13 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-13 22:38 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-13 22:38 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-13 22:38 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Files to move or delete: ==================== C:\ProgramData\ezsid.dat C:\Users\IG\lame_enc.dll C:\Users\IG\setup.exe Some content of TEMP: ==================== C:\Users\IG\AppData\Local\Temp\avgnt.exe C:\Users\IG\AppData\Local\Temp\catchme.dll C:\Users\IG\AppData\Local\Temp\Quarantine.exe C:\Users\IG\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\IG\AppData\Local\Temp\System.Data.SQLite13537.dll C:\Users\IG\AppData\Local\Temp\System.Data.SQLite44685.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit 
C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-06 11:09 ==================== End Of Log ============================

Everything looks good now. No more ads! Do I need to reactivate anything else? That is, apart from Antivir and the firewall? If not, thank you very much for the help, even though I have no idea what all we did.
Best regards, Nickie |
07.03.2014, 14:22 | #12 |
/// the machine /// TB trainer | Firefox keeps opening ad tabs - Anti-Malware no longer finds anything
Update Java and Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:49159;https=127.0.0.1:49159
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, guides and assistance, Trojaner-Board Facebook page. No help via PM! |