Log analysis and evaluation: Win XP: Internet problems, several Trojans, maintenance problems

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.03.2014, 22:53 | #1 |
Win XP: Internet problems, several Trojans, maintenance problems

Hello everyone, I have not looked after my laptop properly lately and have used it rather rarely. At the moment I really only use it for Skype and for browsing the web to prepare for holidays. A few weeks ago I noticed that the typical sites such as trivago etc. take a long time to load. It is really bad with "Ab in den Urlaub.de": everything freezes completely there, so that I have to restart the PC. During Skype calls the connection stutters now and then, mostly only briefly. By now it is so bad that I can no longer browse the web while Skype is running, because then everything freezes. Today I downloaded AVG Antivirus 2014 and AVG Tune Up. According to them I have several Trojans... What I find very strange: when I try to run the 1-click maintenance, the analysis always stops at "Browser bereinigen" ("Clean up browser") and does not continue even after hours. So the maintenance could not be completed.

Here are the log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:25 on 03/03/2014 (Neuanfang)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST-Logfile
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Neuanfang (administrator) on FRANZI on 03-03-2014 16:28:21
Running from C:\Documents and Settings\Neuanfang\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (RapidSolution Software AG) C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 HKU\S-1-5-19\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 HKU\S-1-5-21-725345543-287218729-682003330-1003\...\MountPoints2: {1017ae34-9434-11e0-a6c4-001f3abdc807} - CMD /C START Storage.{645FF040-5081-101B-9F08-00AA002F954E}\jY7bV0aX1p3Fc.sys HKU\S-1-5-21-725345543-287218729-682003330-1003\...\MountPoints2: {3feb4c86-2195-11e0-a60f-001f3abdc807} - F:\Menu.exe HKU\S-1-5-21-725345543-287218729-682003330-1003\...\MountPoints2: {5c41ba04-544d-11e2-a8ed-001f3abdc807} - F:\AutoRun.exe HKU\S-1-5-21-725345543-287218729-682003330-1003\...\MountPoints2: {773c3312-37b0-11e1-a7b1-001f3abdc807} - F:\Setup.exe HKU\S-1-5-21-725345543-287218729-682003330-1003\...\MountPoints2: {79ae6e9b-f66b-11df-a5b4-001f3abdc807} - G:\avira.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) Toolbar: HKLM - toolplugin - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Documents and Settings\Neuanfang\Application Data\toolplugin\toolbar.dll () Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.89.1 194.25.0.60 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140 FF user.js: detected! 
=> C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\user.js FF NewTab: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 FF SearchEngineOrder.1: Delta Search FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Documents and Settings\Neuanfang\Desktop\npAmazonMP3DownloaderPlugin101799.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\babylon.xml FF SearchPlugin: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\BitGuard.xml FF SearchPlugin: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\BrowserDefender.xml FF SearchPlugin: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\delta.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Delta Toolbar - C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\Extensions\ffxtlbr@delta.com [2013-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} 
[2013-07-01] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-11] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-11] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-30] Chrome: ======= CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 CHR DefaultSearchKeyword: delta-search.com CHR DefaultSearchProvider: Delta Search CHR DefaultSearchURL: hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: 
(Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-30] CHR Extension: (AT_DonnaKaran) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2011-02-16] CHR Extension: (DivX HiQ) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-13] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-16] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-13] CHR Extension: (Google Mail) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Neuanfang\Application Data\BabSolution\CR\Delta.crx [2013-07-02] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-30] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-30] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-15] (Oracle Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-02-18] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.) 
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1741624 2013-12-18] (AVG) R2 Virtual CDAudio Service; C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [179464 2013-03-20] (RapidSolution Software AG) R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.) 
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 rsvcdwdr; C:\WINDOWS\System32\DRIVERS\rsvcdwdr.sys [35976 2013-03-20] (RapidSolution Software AG) R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-03-20] (RapidSolution Software AG) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software) S4 IntelIde; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-03 16:28 - 2014-03-03 16:28 - 00025179 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-03 16:28 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-03 16:27 - 2014-03-03 16:27 - 01145344 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:25 - 2014-03-03 16:26 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 
_____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:08 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2014-03-03 13:05 - 2014-03-03 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:30 - 2014-03-03 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-03 12:29 - 2014-03-03 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:28 - 2014-03-03 13:06 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 12:25 - 2014-03-03 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 12:25 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-02-08 20:53 - 2014-02-08 20:53 - 00007680 ___SH () C:\WINDOWS\Thumbs.db ==================== One Month Modified Files and Folders ======= 2014-03-03 16:28 - 2014-03-03 16:28 - 00025179 _____ () C:\Documents and 
Settings\Neuanfang\Desktop\FRST.txt 2014-03-03 16:28 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-03 16:28 - 2011-11-11 11:19 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\toolplugin 2014-03-03 16:27 - 2014-03-03 16:27 - 01145344 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:26 - 2014-03-03 16:25 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:21 - 2010-11-19 15:57 - 00000000 ____D () C:\Documents and Settings\Neuanfang 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 16:19 - 2010-11-19 16:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-03 16:19 - 2010-11-19 16:40 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-03-03 16:15 - 2012-06-05 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-03 16:11 - 2011-02-13 12:57 - 00001206 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job 2014-03-03 16:05 - 2010-12-21 19:50 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-03 14:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 14:02 - 2010-11-19 16:37 - 00512960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-03 13:59 - 2010-11-19 16:36 - 03509621 _____ () C:\WINDOWS\setupapi.log 2014-03-03 13:58 - 2010-11-19 15:50 - 01144918 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-03 13:57 - 2010-12-21 19:50 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-03 13:57 - 2010-11-19 15:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-03 13:56 - 2010-11-19 15:55 - 
00032628 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-03 13:55 - 2013-03-23 14:08 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-03 13:55 - 2010-11-19 15:57 - 00000278 ___SH () C:\Documents and Settings\Neuanfang\ntuser.ini 2014-03-03 13:09 - 2014-03-03 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:06 - 2014-03-03 12:28 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 13:01 - 2013-09-25 20:00 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\File Scout 2014-03-03 12:52 - 2010-11-19 15:51 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-03-03 12:52 - 2010-11-19 15:48 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-03-03 12:51 - 2010-11-19 15:57 - 00001599 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Remote Assistance.lnk 2014-03-03 12:48 - 2013-07-02 18:25 - 00000280 _____ () C:\WINDOWS\Tasks\EPUpdater.job 2014-03-03 12:38 - 2012-05-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-03 12:36 - 2014-03-03 12:29 - 00000000 ____D () C:\Documents and Settings\All 
Users\Application Data\AVG2014 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:31 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:30 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:30 - 2014-03-03 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-03 12:30 - 2013-03-23 14:07 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\TuneUp Software 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-03-03 12:23 - 2013-07-01 16:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-03 11:31 - 2011-06-11 23:27 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-03-03 11:17 - 2011-01-05 15:52 - 00072192 _____ () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-03 10:44 - 2013-11-30 10:02 - 00000000 ____D () C:\Program Files\McAfee 2014-03-03 10:44 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-26 22:51 - 2010-12-13 17:18 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Skype 2014-02-26 22:15 - 2012-06-05 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-02-26 22:15 - 2012-06-05 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-02-26 21:09 - 2011-02-13 12:57 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job 2014-02-08 20:53 - 2014-02-08 20:53 - 00007680 ___SH () C:\WINDOWS\Thumbs.db 2014-02-04 18:25 - 2011-04-26 21:52 - 00000000 ____D () C:\Documents and 
Settings\Neuanfang\Application Data\PriceGong 2014-02-02 19:16 - 2011-04-09 22:55 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DVDVideoSoftTB Some content of TEMP: ==================== C:\Documents and Settings\Neuanfang\Local Settings\Temp\AudibleDM_iTunesSetup.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\contentDATs.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\DataCard_Setup.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\ffunzip.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\GLF3B0.tmp.ConduitEngineSetup.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\GoogleChromeInstaller.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\pdf24-creator-update.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\prxGLF3B0.tmp.tbDVDV.dll C:\Documents and Settings\Neuanfang\Local Settings\Temp\ResetDevice.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\RtkBtMnt.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\setup_fsu_cid.exe C:\Documents and Settings\Neuanfang\Local Settings\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2007-06-24 08:38] - [2007-06-24 08:38] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe [2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\User32.dll [2007-06-24 08:40] - [2007-06-24 08:40] - 0578048 ____A (Microsoft Corporation) 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll [2007-06-24 08:39] - [2007-06-24 08:39] - 0399360 ____A (Microsoft Corporation) 348f04e3582ef2467ee5379d67b99fd7 ATTENTION ======> If the system is 
having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014 Ran by Neuanfang at 2014-03-03 16:29:10 Running from C:\Documents and Settings\Neuanfang\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Audials (HKLM\...\{5B58108C-6290-4172-ADA4-C54E327FEFCE}) (Version: 10.2.14806.600 - Audials AG) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies) AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden AVG PC TuneUp 2014 (de-DE) (Version: 14.0.1001.295 - AVG) Hidden AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG) AVG PC TuneUp 2014 (Version: 14.0.1001.295 - AVG) Hidden BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) 
<==== ATTENTION Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.12 - TOSHIBA CORPORATION) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Driver v4.170.25.12_Foxconn Installation Program (HKLM\...\{153F839F-0A63-41D8-890F-7324C0E13743}) (Version: 4.170.25.12 - Broadcom) Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation) Brother MFL-Pro Suite DCP-145C (HKLM\...\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}) (Version: 1.1.8.0 - Brother Industries, Ltd.) Cambridge- English Grammar in Use (HKLM\...\Cambridge- English Grammar in Use) (Version: 100A - Clarity Language Consultants Ltd) Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION Delta toolbar (HKLM\...\delta) (Version: 1.8.21.5 - Delta) <==== ATTENTION DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.3.1.2 - DivX, LLC) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.14.0.28 - DVDVideoSoftTB) Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free Studio version 5.0.8 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free Video to MP3 Converter version 5.0.26.628 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.26.628 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.) 
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.) Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle) JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\LManager) (Version: - ) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.104 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - ) PDF24 Creator 3.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Realtek High Definition Audio Driver 
(HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5423 - Realtek Semiconductor Corp.) SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - ) Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.) Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.) Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden toolplugin (HKLM\...\toolplugin) (Version: - ) TuneUp Utilities Language Pack (en-US) (Version: 13.0.3000.138 - TuneUp Software) Hidden Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 - ) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft) WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) zbattle.net 1.09 SR-1 beta (HKLM\...\zbattle.net_is1) (Version: - ) ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation) ==================== Restore Points ========================= 02-02-2014 18:40:46 System Checkpoint 07-02-2014 19:55:04 System Checkpoint 08-02-2014 20:24:53 System Checkpoint 03-03-2014 11:28:29 AVG 2014 wurde installiert 03-03-2014 11:28:47 AVG 2014 wurde installiert 03-03-2014 12:04:30 Removed TuneUp Utilities 2013 03-03-2014 12:06:12 Installed AVG PC TuneUp 2014 ==================== Hosts content: ========================== 2001-08-23 
13:00 - 2001-08-23 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\NEUANF~1\APPLIC~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job => C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job => C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-05 18:04 - 2011-09-05 18:04 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU 2011-06-01 23:08 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2011-01-11 00:25 - 2011-01-11 00:25 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-01-11 00:25 - 2011-01-11 00:25 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2007-04-01 09:00 - 2007-04-01 09:00 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll 2007-04-01 08:57 - 2007-04-01 08:57 - 00053248 
_____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2004-08-04 00:56 - 2004-08-04 00:56 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-04 00:56 - 2004-08-04 00:56 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2013-01-01 20:57 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe 2013-07-01 16:41 - 2014-03-03 12:23 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-02-26 22:15 - 2014-02-26 22:15 - 16265096 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Modem Device on High Definition Audio Bus Description: Modem Device on High Definition Audio Bus Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Mass Storage Controller Description: Mass Storage Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/03/2014 00:41:03 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system. 
Error: (02/14/2014 08:44:21 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error: (02/08/2014 05:02:54 PM) (Source: Application Error) (User: ) Description: Faulting application skype.exe, version 6.3.73.107, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. Processing media-specific event for [skype.exe!ws!] Error: (02/07/2014 11:01:10 PM) (Source: Application Hang) (User: ) Description: Hanging application Mein CEWE FOTOBUCH.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (02/04/2014 06:26:49 PM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 7.0.6000.20583, faulting module unknown, version 0.0.0.0, fault address 0x04f41e80. Processing media-specific event for [iexplore.exe!ws!] Error: (02/02/2014 07:19:11 PM) (Source: Application Hang) (User: ) Description: Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (01/22/2014 08:55:04 PM) (Source: Application Hang) (User: ) Description: Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (01/22/2014 08:43:12 PM) (Source: MsiInstaller) (User: FRANZI) Description: Product: Bluetooth Stack for Windows by Toshiba -- Error 1327.Invalid Drive: H:\ Error: (01/22/2014 08:23:39 PM) (Source: Application Hang) (User: ) Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (01/16/2014 08:57:15 PM) (Source: Application Hang) (User: ) Description: Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (03/03/2014 00:40:19 PM) (Source: Service Control Manager) (User: ) Description: The BitGuard service failed to start due to the following error: %%5 Error: (03/03/2014 00:39:27 PM) (Source: 0) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (02/08/2014 10:26:25 AM) (Source: 0) (User: ) Description: \Device\Scsi\rsvcdwdr1 Error: (02/03/2014 07:57:48 PM) (Source: 0) (User: ) Description: \Device\Scsi\rsvcdwdr1 Error: (02/02/2014 07:16:02 PM) (Source: Service Control Manager) (User: ) Description: The Adobe Flash Player Update Service service failed to start due to the following error: %%1053 Error: (02/02/2014 07:16:02 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect. Error: (02/02/2014 06:41:34 PM) (Source: 0) (User: ) Description: \Device\Scsi\rsvcdwdr1 Error: (01/11/2014 07:47:42 PM) (Source: 0) (User: ) Description: \Device\Scsi\rsvcdwdr1 Error: (10/10/2013 07:58:17 PM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout. 
Microsoft Office Sessions: ========================= Error: (03/03/2014 00:41:03 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL) Error: (02/14/2014 08:44:21 PM) (Source: crypt32)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved Error: (02/08/2014 05:02:54 PM) (Source: Application Error)(User: ) Description: skype.exe6.3.73.107ntdll.dll5.1.2600.218000018fea Error: (02/07/2014 11:01:10 PM) (Source: Application Hang)(User: ) Description: Mein CEWE FOTOBUCH.exe0.0.0.0hungapp0.0.0.000000000 Error: (02/04/2014 06:26:49 PM) (Source: Application Error)(User: ) Description: iexplore.exe7.0.6000.20583unknown0.0.0.004f41e80 Error: (02/02/2014 07:19:11 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE7.0.6000.20583hungapp0.0.0.000000000 Error: (01/22/2014 08:55:04 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE7.0.6000.20583hungapp0.0.0.000000000 Error: (01/22/2014 08:43:12 PM) (Source: MsiInstaller)(User: FRANZI) Description: Product: Bluetooth Stack for Windows by Toshiba -- Error 1327.Invalid Drive: H:\(NULL)(NULL)(NULL) Error: (01/22/2014 08:23:39 PM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087hungapp0.0.0.000000000 Error: (01/16/2014 08:57:15 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE7.0.6000.20583hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 1014.36 MB Available physical RAM: 320.77 MB Total Pagefile: 2441.91 MB Available Pagefile: 1668.44 MB Total Virtual: 2047.88 MB Available Virtual: 1943.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:34.18 GB) (Free:17.85 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () 
(Fixed) (Total:40.34 GB) (Free:26.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 5C26CFF8) Partition 1: (Active) - (Size=34 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=40 GB) - (Type=OF Extended) ==================== End Of Log ============================
and the GMER log file Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-03 16:49:41 Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD800BEVS-22RST0 rev.04.01G04 74,53GB Running: Gmer-19357.exe; Driver: C:\DOCUME~1\NEUANF~1\LOCALS~1\Temp\pxtdypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF77D66E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF77D6800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF77D6010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xF77D64D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF77D6300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF77D63E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF77D6120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF77D6210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF77D65E0] ---- Kernel code sections - GMER 2.1 ---- pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA90CBF00, 0x24000, 0x48000000] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 10001FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[376] kernel32.dll!lstrlenW + 43 7C809A6C 7 Bytes JMP 01A10455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[376] kernel32.dll!MapViewOfFileEx + 6A 7C80B920 7 Bytes JMP 01A1049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[376] kernel32.dll!ValidateLocale + B088 7C844808 7 Bytes JMP 01625A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[376] GDI32.dll!SetDIBitsToDevice + 208 77F19214 7 Bytes JMP 01A104C4 C:\Program 
Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[980] USER32.dll!DefWindowProcA + 11A 7E41D5F0 7 Bytes JMP 105F76A0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[980] USER32.dll!SetWindowLongA + 19 7E41D60E 7 Bytes JMP 105F7711 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[980] USER32.dll!GetWindowInfo 7E41DE7C 5 Bytes JMP 105FB2EA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[980] USER32.dll!GetMenuContextHelpId + 1A 7E465269 7 Bytes JMP 105F4E6D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] kernel32.dll!FindResourceW 7C80BBEE 5 Bytes JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] kernel32.dll!FindResourceA 7C80BEA9 5 Bytes JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!LoadStringW 7E419E26 5 Bytes JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!LoadStringA 7E420FC8 5 Bytes JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!LoadMenuW 7E4219EA 5 Bytes JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!CreateDialogParamW 7E4282A4 5 Bytes JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!CreateDialogParamA 7E43C7C3 5 Bytes JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe .text C:\Program 
Files\Audible\Bin\AudibleDownloadHelper.exe[2076] USER32.dll!LoadMenuA 7E44F99B 5 Bytes JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys ---- EOF - GMER 2.1 ----
I have also attached the virus quarantine list. Maybe that is helpful. It would be kind if someone could help me. Best regards Die Ziege |
04.03.2014, 07:59 | #2 |
/// the machine /// TB trainer | Win XP: Internet problems, multiple Trojans, maintenance problems hi,
Scan with Combofix |
04.03.2014, 19:24 | #3 |
| Win XP: Internet problems, multiple Trojans, maintenance problems Hello Schrauber,
I was just in the process of installing ComboFix when the following message came up: "This machine does not have the "Microsoft Windows recovery console" installed. Alternately, an existing installation of the recovery console may be present but requires updating. Without it, ComboFix shall not attempt the fixing of some serious infections. Click "Yes" to have ComboFix download/install it. NOTE: this requires an active internet connection." I can now press Yes or No... what should I do? Best regards
Never mind, it has already sorted itself out :-) Sorry! I read a guide to Combofix. I will now close everything and carry on. I will get back to you as soon as I have the log file.
Hello, here is the log file from ComboFix: Code:
ATTFilter ComboFix 14-03-04.03 - Neuanfang 04.03.2014 19:12:31.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.640 [GMT 1:00] Running from: c:\documents and settings\Neuanfang\Desktop\ComboFix.exe AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Neuanfang\Application Data\PriceGong c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\1.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\1.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\17781.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\21657.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\2260.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\41.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\4436.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\4489.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\a.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\a.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\b.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\b.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\c.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\c.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\d.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\d.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\e.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\e.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\f.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\f.xml c:\documents and 
settings\Neuanfang\Application Data\PriceGong\Data\g.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\g.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\h.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\h.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\i.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\i.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\j.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\J.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\k.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\k.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\l.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\l.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\m.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\m.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\n.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\n.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\o.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\o.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\p.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\p.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\q.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\q.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\r.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\r.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\s.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\s.xml c:\documents and 
settings\Neuanfang\Application Data\PriceGong\Data\t.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\t.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\u.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\u.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\v.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\v.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\w.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\w.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\x.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\x.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\y.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\y.xml c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\z.txt c:\documents and settings\Neuanfang\Application Data\PriceGong\Data\z.xml c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtectorPreferences c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage . . ((((((((((((((((((((((((( Files Created from 2014-02-04 to 2014-03-04 ))))))))))))))))))))))))))))))) . . 2014-03-04 17:57 . 2014-03-04 17:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG 2014-03-03 15:28 . 2014-03-03 15:29 -------- d-----w- C:\FRST 2014-03-03 12:08 . 2013-12-18 08:38 36152 ----a-w- c:\windows\system32\TURegOpt.exe 2014-03-03 12:08 . 
2014-03-03 12:08 -------- d-----w- c:\documents and settings\Neuanfang\Application Data\AVG 2014-03-03 12:05 . 2014-03-03 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG 2014-03-03 12:03 . 2014-03-03 12:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 11:30 . 2014-03-03 11:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2014 2014-03-03 11:29 . 2014-03-03 11:29 -------- d-----w- C:\$AVG 2014-03-03 11:28 . 2014-03-03 11:33 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2014 2014-03-03 11:28 . 2014-03-03 12:06 -------- d-----w- c:\program files\AVG 2014-03-03 11:25 . 2014-03-04 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2014-03-03 11:25 . 2014-03-03 15:51 -------- d-----w- c:\documents and settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 11:25 . 2014-03-03 11:25 -------- d-----w- c:\documents and settings\Neuanfang\Local Settings\Application Data\MFAData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-26 21:15 . 2012-06-05 19:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-26 21:15 . 2012-06-05 19:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-19 20:46 . 2014-01-19 20:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2007-08-30 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-09 226592] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2013-07-09 07:30 226592 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD2.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-11-27 23:23 294456 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-09 226592] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-09 226592] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "LManager"=c:\progra~1\LAUNCH~1\LManager.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "VX3000"=c:\windows\vVX3000.exe "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "PDFPrint"=c:\program files\PDF24\pdf24.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Neuanfang\\Desktop\\PASW_Statistics_by_PP\\Virtual\\STUBEXE\\@PROGRAMFILES@\\SPSSInc\\PASWStatistics18\\paswstat.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"= . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [25.11.2013 21:56 149272] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31.10.2013 22:30 222520] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10.09.2013 00:43 27448] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [25.11.2013 21:49 120600] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [25.11.2013 21:56 210712] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [19.01.2014 21:46 22808] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [31.10.2013 23:00 176952] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01.08.2013 16:08 193848] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24.09.2013 01:33 348008] R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [18.12.2013 09:38 1741624] R2 Virtual CDAudio Service;Virtual CDAudio Service;c:\program files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [20.03.2013 16:21 179464] R2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [01.01.2013 20:57 296400] R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [20.03.2013 16:21 31848] R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [20.03.2013 16:21 35976] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [16.12.2013 14:34 12320] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [22.01.2014 12:19 3788816] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [30.11.2013 10:02 118264] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16.09.2013 11:29 3273088] S2 SkypeUpdate;Skype Updater;c:\program 
files\Skype\Updater\Updater.exe [01.03.2013 11:11 161384] S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [02.10.2011 12:03 15896] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 16:48 235216] S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [20.03.2013 16:21 31848] . Contents of the 'Scheduled Tasks' folder . 2014-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 21:15] . 2013-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2014-03-03 c:\windows\Tasks\EPUpdater.job - c:\docume~1\NEUANF~1\APPLIC~1\BABSOL~1\Shared\BabMaint.exe [2013-07-02 09:23] . 2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 18:50] . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 18:50] . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job - c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 18:50] . 2014-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job - c:\documents and settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 18:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.89.1 194.25.0.60 8.8.8.8 FF - ProfilePath - c:\documents and settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - cc74969b000000000000001f3abdc807 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15888 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:25 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=121562&tsp=4931 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS REMOVED - - - - . 
AddRemove-Amazon MP3-Downloader - c:\documents and settings\Neuanfang\Desktop\Uninstall.exe AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe AddRemove-toolplugin - c:\docume~1\NEUANF~1\LOCALS~1\Temp\WZSE0.TMP\setup.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe AddRemove-Winmail Opener - c:\documents and settings\Neuanfang\Desktop\Winmail Opener\uninst.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\documents and settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-03-04 19:18 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2014-03-04 19:20:09 ComboFix-quarantined-files.txt 2014-03-04 18:19 . Pre-Run: 21.120.995.328 bytes free Post-Run: 22.659.432.448 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - DBB1FC85BBBC8BA55B0F808CBB72F5AD 8F558EB6672622401DA993E1E865C861 Edited by Ziege87 (04.03.2014 at 19:10) |
05.03.2014, 16:55 | #4 |
/// the machine /// TB Trainer | Win XP: Internet problems, multiple Trojans, maintenance problems Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.03.2014, 20:06 | #5 |
| Win XP: Internet problems, multiple Trojans, maintenance problems Hello Schrauber, I've done everything, here are the log files: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.05.09 Windows XP Service Pack 2 x86 NTFS Internet Explorer 7.0.5730.11 Neuanfang :: FRANZI [Administrator] Schutz: Aktiviert 05.03.2014 19:25:06 mbam-log-2014-03-05 (19-25-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211932 Laufzeit: 9 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 20 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 8 HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Daten: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {3376F243-6BFD-4E9F-BCFB-FB1745422DD7} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Daten: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {3376F243-6BFD-4E9F-BCFB-FB1745422DD7} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 13 C:\Documents and Settings\Neuanfang\Application Data\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\1772584FA52F4A2A960785B158839CF7 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\98951D750E2C4AB6A5A5D9D90D2C1ECD (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\A37A2B9D4AA84FC89519916C152D3C4F (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\F96E63FC153F440F85615FA4695C69F7 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 15 C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\98951D750E2C4AB6A5A5D9D90D2C1ECD\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\WINDOWS\Tasks\EPUpdater.job (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files\Delta\delta\1.8.21.5\deltasrv.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\1772584FA52F4A2A960785B158839CF7\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\A37A2B9D4AA84FC89519916C152D3C4F\saSetup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\OpenCandy\F96E63FC153F440F85615FA4695C69F7\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Documents and Settings\Neuanfang\Application Data\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.020 - Report created 05/03/2014 at 19:49:02 # Updated 27/02/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 2 (32 bits) # Username : Neuanfang - FRANZI # Running from : C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\Delta Folder Deleted : C:\Program Files\DVDVideoSoftTB Folder Deleted : C:\Program Files\SweetIM Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB Folder Deleted : C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DVDVideoSoftTB Folder Deleted : C:\Documents and Settings\Neuanfang\Application Data\BabSolution Folder Deleted : C:\Documents and Settings\Neuanfang\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Neuanfang\Application Data\dvdvideosoftiehelpers Folder Deleted : C:\Documents and Settings\Neuanfang\Application Data\Toolplugin Folder Deleted : C:\Documents and Settings\Neuanfang\Start Menu\Programs\BitGuard Folder Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\Extensions\ffxtlbr@delta.com File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\bprotector_extensions.sqlite File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\bprotector_prefs.js File Deleted : C:\Documents and Settings\Neuanfang\Application 
Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\Babylon.xml File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\BitGuard.xml File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\BrowserDefender.xml File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\searchplugins\delta.xml File Deleted : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Key Deleted : HKCU\Toolbar Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKCU\Software\855d9ddbd3ae513 Key Deleted : HKLM\SOFTWARE\855d9ddbd3ae513 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D7F1448-A513-4BD4-A46E-CD6B9546D4F9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEE2F533-5727-4C90-BF1F-DDFC50C02654} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FEE2F533-5727-4C90-BF1F-DDFC50C02654} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FEE2F533-5727-4C90-BF1F-DDFC50C02654} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEF0FD5C-DC26-47C4-893D-8BF0CF4C33E6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FB050FC-0A45-4B7F-B1D6-B87EB7F090D5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\DVDVideoSoftTB Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\caphyon Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\DVDVideoSoftTB Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\toolplugin Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6000.20583 -\\ Mozilla Firefox v27.0.1 (de) [ File : C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\prefs.js ] Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=CC74001F3ABDC807&affID=121562&tsp=4931"); Line Deleted : user_pref("browser.search.order.1", "Delta Search"); Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.dfltLng", "de"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.id", "cc74969b000000000000001f3abdc807"); Line Deleted : user_pref("extensions.delta.instlDay", "15888"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.newTab", false); Line 
Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", "false"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.519:25:19"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562&tsp=4931"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); -\\ Google Chrome v [ File : C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : keyword ************************* AdwCleaner[R0].txt - [11908 octets] - [05/03/2014 19:43:45] AdwCleaner[S0].txt - [11076 octets] - [05/03/2014 19:49:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11137 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Neuanfang on 05.03.2014 at 19:55:22,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-725345543-287218729-682003330-1003\Software\sweetim

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2014 at 20:00:30,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Neuanfang (administrator) on FRANZI on 05-03-2014 20:01:16
Running from C:\Documents and Settings\Neuanfang\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Realtek Semiconductor Corp.) 
C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe (RapidSolution Software AG) C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.89.1 194.25.0.60 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140 FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Documents and Settings\Neuanfang\Desktop\npAmazonMP3DownloaderPlugin101799.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-11] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-11] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-30] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchProvider: Delta Search CHR DefaultSearchURL: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-30] CHR Extension: (AT_DonnaKaran) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2011-02-16] CHR Extension: (DivX HiQ) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-13] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-16] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-13] CHR Extension: (Google Mail) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-30] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-30] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-15] (Oracle Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-02-28] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.) R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1741624 2013-12-18] (AVG) R2 Virtual CDAudio Service; C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [179464 2013-03-20] (RapidSolution Software AG) R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.) 
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.) S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 rsvcdwdr; C:\WINDOWS\System32\DRIVERS\rsvcdwdr.sys [35976 2013-03-20] (RapidSolution Software AG) R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-03-20] (RapidSolution Software AG) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software) S3 catchme; \??\C:\DOCUME~1\NEUANF~1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:43 - 2014-03-05 19:49 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and 
Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:05 - 2014-03-05 19:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 15:45 - 00000211 _____ () C:\Boot.bak 2014-03-04 19:11 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-03-04 18:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-03-04 18:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 
00068096 _____ () C:\WINDOWS\zip.exe 2014-03-04 18:54 - 2014-03-04 19:20 - 00000000 ____D () C:\Qoobox 2014-03-04 18:54 - 2014-03-04 19:18 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:28 - 2014-03-05 20:01 - 00019678 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-03 16:28 - 2014-03-05 20:01 - 00000000 ____D () C:\FRST 2014-03-03 16:27 - 2014-03-03 16:27 - 01145344 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:25 - 2014-03-03 16:26 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application 
Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:08 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2014-03-03 13:05 - 2014-03-03 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:30 - 2014-03-03 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-03 12:29 - 2014-03-03 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ____D () C:\$AVG 2014-03-03 12:28 - 2014-03-03 13:06 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 12:25 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 12:25 - 2014-03-03 16:51 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-02-08 20:53 - 2014-02-08 20:53 - 00007680 ___SH () C:\WINDOWS\Thumbs.db ==================== One Month Modified Files and Folders ======= 2014-03-05 20:01 - 2014-03-03 16:28 - 00019678 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-05 20:01 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:55 - 
2010-11-19 16:37 - 00512960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:52 - 2010-11-19 16:36 - 03535230 _____ () C:\WINDOWS\setupapi.log 2014-03-05 19:51 - 2010-11-19 16:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-05 19:51 - 2010-11-19 16:40 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-03-05 19:51 - 2010-11-19 15:50 - 01174741 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-05 19:50 - 2010-12-21 19:50 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-05 19:50 - 2010-11-19 15:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-05 19:49 - 2014-03-05 19:43 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:49 - 2013-03-23 14:08 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-05 19:49 - 2010-11-19 15:57 - 00000278 ___SH () C:\Documents and Settings\Neuanfang\ntuser.ini 2014-03-05 19:49 - 2010-11-19 15:55 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-05 19:42 - 2013-11-30 10:02 - 00000000 ____D () C:\Program Files\McAfee 2014-03-05 19:41 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\pchealth 2014-03-05 19:40 - 2010-11-19 15:57 - 00000000 ____D () C:\Documents and Settings\Neuanfang 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:15 - 2012-06-05 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-05 19:10 - 2011-02-13 12:57 - 00001206 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:06 - 2014-03-05 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' 
Anti-Malware 2014-03-05 19:06 - 2010-12-21 19:50 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:05 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-05 19:00 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-05 02:26 - 2010-12-13 17:18 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Skype 2014-03-04 21:09 - 2011-02-13 12:57 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:20 - 2014-03-04 18:54 - 00000000 ____D () C:\Qoobox 2014-03-04 19:20 - 2010-11-19 15:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-03-04 19:18 - 2014-03-04 18:54 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 19:18 - 2001-08-23 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 16:35 - 00000327 __RSH () C:\boot.ini 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and 
Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:51 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:27 - 2014-03-03 16:27 - 01145344 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:26 - 2014-03-03 16:25 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:09 - 2014-03-03 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:06 - 2014-03-03 12:28 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All 
Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:52 - 2010-11-19 15:51 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-03-03 12:52 - 2010-11-19 15:48 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-03-03 12:51 - 2010-11-19 15:57 - 00001599 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Remote Assistance.lnk 2014-03-03 12:38 - 2012-05-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-03 12:36 - 2014-03-03 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:30 - 2014-03-03 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-03 12:30 - 2013-03-23 14:07 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\TuneUp Software 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ____D () C:\$AVG 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-03-03 12:23 - 2013-07-01 16:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-03 11:31 - 2011-06-11 23:27 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-03-03 11:17 - 2011-01-05 15:52 - 00072192 _____ () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-26 22:15 - 2012-06-05 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-02-26 22:15 - 2012-06-05 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-02-08 20:53 - 2014-02-08 20:53 - 00007680 ___SH () 
C:\WINDOWS\Thumbs.db
Some content of TEMP:
====================
C:\Documents and Settings\Neuanfang\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe [2007-06-24 08:38] - [2007-06-24 08:38] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe [2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\WINDOWS\system32\User32.dll [2007-06-24 08:40] - [2007-06-24 08:40] - 0578048 ____A (Microsoft Corporation) 7aa4f6c00405dfc4b70ed4214e7d687b
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll [2007-06-24 08:39] - [2007-06-24 08:39] - 0399360 ____A (Microsoft Corporation) 348f04e3582ef2467ee5379d67b99fd7
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Kind regards,
Ziege
06.03.2014, 19:38 | #6 |
/// the machine /// TB-Ausbilder | Win XP: Internet problems, multiple Trojans, maintenance problems
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
15.03.2014, 20:33 | #7 |
| Win XP: Internet problems, multiple Trojans, maintenance problems
Hello Schrauber, sorry, this took a while. I had a lot to do. Well... I'm afraid something is still wrong with my computer. My Facebook account and both of my e-mail addresses at Hotmail.de were hacked. On 09.03.14 I received the last mails on my phone. Since then I apparently can no longer get into my e-mail accounts. Because I check my mail very irregularly, I only noticed this yesterday -.-. Well, here are the logs first:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b2ae3aed4c023742a94d707c7d73e3e1
# engine=17462
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-15 01:36:45
# local_time=2014-03-15 02:36:45 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=77429
# found=1
# cleaned=0
# scan_time=8393
sh=487B6991224E75E37F6C0397D06E09429FA75D1F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Neuanfang\Application Data\Sun\Java\Deployment\cache\6.0\24\39badc98-3091880f"
Code:
Results of screen317's Security Check version 0.99.80
Windows XP Service Pack 2 x86 Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware Version 1.75.0.1300
AVG PC TuneUp 2014
TuneUp Utilities Language Pack (en-US)
AVG PC TuneUp 2014 (de-DE)
JavaFX 2.1.0
Java(TM) 6 Update 26
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Neuanfang (administrator) on FRANZI on 15-03-2014 20:04:24
Running from C:\Documents and Settings\Neuanfang\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(RapidSolution Software AG) C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Realtek Semiconductor Corp.)
C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.89.1 194.25.0.60 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140 FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Documents and Settings\Neuanfang\Desktop\npAmazonMP3DownloaderPlugin101799.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-11] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-11] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-30] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchProvider: Delta Search CHR DefaultSearchURL: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll No File CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-30] CHR Extension: (AT_DonnaKaran) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2011-02-16] CHR Extension: (DivX HiQ) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-13] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-16] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-13] CHR Extension: (Google Mail) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-30] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-30] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-15] (Oracle Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-10] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.) R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1741624 2013-12-18] (AVG) R2 Virtual CDAudio Service; C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [179464 2013-03-20] (RapidSolution Software AG) R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.) 
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.) S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 rsvcdwdr; C:\WINDOWS\System32\DRIVERS\rsvcdwdr.sys [35976 2013-03-20] (RapidSolution Software AG) R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-03-20] (RapidSolution Software AG) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software) S3 catchme; \??\C:\DOCUME~1\NEUANF~1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-05 20:02 - 2014-03-05 20:02 - 00035627 _____ () C:\Documents and 
Settings\Neuanfang\Desktop\FRST2.txt 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:43 - 2014-03-05 19:49 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:05 - 2014-03-05 19:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 15:45 - 00000211 _____ () C:\Boot.bak 2014-03-04 19:11 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-03-04 
18:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-03-04 18:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-03-04 18:54 - 2014-03-04 19:20 - 00000000 ____D () C:\Qoobox 2014-03-04 18:54 - 2014-03-04 19:18 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:28 - 2014-03-15 20:04 - 00020339 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-03 16:28 - 2014-03-15 20:04 - 00000000 ____D () C:\FRST 2014-03-03 16:27 - 2014-03-15 20:04 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:25 - 2014-03-03 16:26 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 
2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:08 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2014-03-03 13:05 - 2014-03-03 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-12 20:07 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:29 - 2014-03-03 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:28 - 2014-03-03 13:06 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 12:25 - 2014-03-15 18:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 12:25 - 2014-03-03 16:51 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData ==================== One Month 
Modified Files and Folders ======= 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:04 - 2014-03-03 16:28 - 00020339 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-15 20:04 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-15 20:04 - 2014-03-03 16:27 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-15 19:59 - 2010-12-13 17:18 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Skype 2014-03-15 19:58 - 2010-11-19 15:50 - 01217739 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-15 19:15 - 2012-06-05 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-15 19:10 - 2011-02-13 12:57 - 00001206 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job 2014-03-15 19:05 - 2010-12-21 19:50 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-15 18:24 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-15 11:53 - 2010-11-19 16:37 - 00512960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-15 11:49 - 2010-11-19 16:36 - 03565110 _____ () C:\WINDOWS\setupapi.log 2014-03-15 11:48 - 2010-12-21 19:50 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-15 11:48 - 2010-11-19 16:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-15 11:48 - 2010-11-19 16:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-15 11:47 - 2010-11-19 15:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-15 03:41 - 2013-03-23 14:08 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-15 03:41 - 2010-11-19 15:57 - 00000278 ___SH () C:\Documents and Settings\Neuanfang\ntuser.ini 2014-03-15 03:41 - 2010-11-19 15:57 - 00000000 ____D 
() C:\Documents and Settings\Neuanfang 2014-03-15 03:41 - 2010-11-19 15:55 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-14 21:09 - 2011-02-13 12:57 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job 2014-03-14 20:08 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-12 20:07 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-12 20:00 - 2013-11-30 10:02 - 00000000 ____D () C:\Program Files\McAfee 2014-03-11 21:18 - 2012-06-05 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-11 21:18 - 2012-06-05 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-05 20:02 - 2014-03-05 20:02 - 00035627 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST2.txt 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:49 - 2014-03-05 19:43 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:41 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\pchealth 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:06 - 2014-03-05 19:05 - 00000000 ____D () 
C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:20 - 2014-03-04 18:54 - 00000000 ____D () C:\Qoobox 2014-03-04 19:20 - 2010-11-19 15:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-03-04 19:18 - 2014-03-04 18:54 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 19:18 - 2001-08-23 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 16:35 - 00000327 __RSH () C:\boot.ini 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:51 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:26 - 2014-03-03 16:25 - 00000480 _____ () 
C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:09 - 2014-03-03 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:06 - 2014-03-03 12:28 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:52 - 2010-11-19 15:51 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-03-03 12:52 - 2010-11-19 15:48 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-03-03 12:51 - 2010-11-19 15:57 - 00001599 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Remote Assistance.lnk 2014-03-03 12:38 - 2012-05-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-03 12:36 - 2014-03-03 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:31 - 
2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2013-03-23 14:07 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\TuneUp Software 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-03-03 12:23 - 2013-07-01 16:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-03 11:31 - 2011-06-11 23:27 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-03-03 11:17 - 2011-01-05 15:52 - 00072192 _____ () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Documents and Settings\Neuanfang\Local Settings\temp\Quarantine.exe C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2007-06-24 08:38] - [2007-06-24 08:38] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe [2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\User32.dll [2007-06-24 08:40] - [2007-06-24 08:40] - 0578048 ____A (Microsoft Corporation) 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll [2007-06-24 08:39] - [2007-06-24 08:39] - 0399360 ____A (Microsoft Corporation) 348f04e3582ef2467ee5379d67b99fd7 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. 
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================

--- --- ---

Hello Schrauber, sorry, I've had a lot to do and had no time. Things still aren't really running properly for me... in places still very slow. On top of that, both of my e-mail accounts and my Facebook account were hacked :-( I could no longer log in with the passwords, and I still can't get into hotmail.de. The two e-mail addresses are each other's recovery addresses, where the security codes get sent -.- Well, now I'm wiser and know that it was stupid to set up two e-mail addresses at hotmail.de. Here are the logs for now:

Results of screen317's Security Check version 0.99.80 Windows XP Service Pack 2 x86 Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG AntiVirus 2014 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Malwarebytes Anti-Malware Version 1.75.0.1300 AVG PC TuneUp 2014 TuneUp Utilities Language Pack (en-US) AVG PC TuneUp 2014 (de-DE) JavaFX 2.1.0 Java(TM) 6 Update 26 Java 7 Update 25 Java version out of Date! Adobe Flash Player 12.0.0.77 Adobe Reader 10.1.1 Adobe Reader out of Date! Mozilla Firefox (27.0.1) ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=b2ae3aed4c023742a94d707c7d73e3e1 # engine=17462 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-15 01:36:45 # local_time=2014-03-15 02:36:45 (+0100, W. Europe Standard Time) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # scanned=77429 # found=1 # cleaned=0 # scan_time=8393 sh=487B6991224E75E37F6C0397D06E09429FA75D1F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Neuanfang\Application Data\Sun\Java\Deployment\cache\6.0\24\39badc98-3091880f"

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Neuanfang (administrator) on FRANZI on 15-03-2014 20:04:24 Running from C:\Documents and Settings\Neuanfang\Desktop Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (RapidSolution Software AG) C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Realtek Semiconductor Corp.) 
C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.89.1 194.25.0.60 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140 FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Documents and Settings\Neuanfang\Desktop\npAmazonMP3DownloaderPlugin101799.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-11] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-11] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-30] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchProvider: Delta Search CHR DefaultSearchURL: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll No File CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-30] CHR Extension: (AT_DonnaKaran) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2011-02-16] CHR Extension: (DivX HiQ) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-13] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-16] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-13] CHR Extension: (Google Mail) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-30] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-30] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-15] (Oracle Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-10] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.) R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1741624 2013-12-18] (AVG) R2 Virtual CDAudio Service; C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [179464 2013-03-20] (RapidSolution Software AG) R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.) 
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.) S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.) S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG) R3 rsvcdwdr; C:\WINDOWS\System32\DRIVERS\rsvcdwdr.sys [35976 2013-03-20] (RapidSolution Software AG) R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-03-20] (RapidSolution Software AG) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software) S3 catchme; \??\C:\DOCUME~1\NEUANF~1\LOCALS~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-05 20:02 - 2014-03-05 20:02 - 00035627 _____ () C:\Documents and 
Settings\Neuanfang\Desktop\FRST2.txt 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:43 - 2014-03-05 19:49 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:05 - 2014-03-05 19:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 15:45 - 00000211 _____ () C:\Boot.bak 2014-03-04 19:11 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-03-04 
18:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-03-04 18:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-03-04 18:54 - 2014-03-04 19:20 - 00000000 ____D () C:\Qoobox 2014-03-04 18:54 - 2014-03-04 19:18 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:28 - 2014-03-15 20:04 - 00020339 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-03 16:28 - 2014-03-15 20:04 - 00000000 ____D () C:\FRST 2014-03-03 16:27 - 2014-03-15 20:04 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:25 - 2014-03-03 16:26 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 
2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:08 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2014-03-03 13:05 - 2014-03-03 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-12 20:07 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:29 - 2014-03-03 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:28 - 2014-03-03 13:06 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 12:25 - 2014-03-15 18:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 12:25 - 2014-03-03 16:51 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData ==================== One Month 
Modified Files and Folders ======= 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:04 - 2014-03-03 16:28 - 00020339 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-15 20:04 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-15 20:04 - 2014-03-03 16:27 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-15 19:59 - 2010-12-13 17:18 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Skype 2014-03-15 19:58 - 2010-11-19 15:50 - 01217739 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-15 19:15 - 2012-06-05 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-15 19:10 - 2011-02-13 12:57 - 00001206 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job 2014-03-15 19:05 - 2010-12-21 19:50 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-15 18:24 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-15 11:53 - 2010-11-19 16:37 - 00512960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-15 11:49 - 2010-11-19 16:36 - 03565110 _____ () C:\WINDOWS\setupapi.log 2014-03-15 11:48 - 2010-12-21 19:50 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-15 11:48 - 2010-11-19 16:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-15 11:48 - 2010-11-19 16:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-15 11:47 - 2010-11-19 15:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-15 03:41 - 2013-03-23 14:08 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-15 03:41 - 2010-11-19 15:57 - 00000278 ___SH () C:\Documents and Settings\Neuanfang\ntuser.ini 2014-03-15 03:41 - 2010-11-19 15:57 - 00000000 ____D 
() C:\Documents and Settings\Neuanfang 2014-03-15 03:41 - 2010-11-19 15:55 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-14 21:09 - 2011-02-13 12:57 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job 2014-03-14 20:08 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-12 20:07 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-12 20:00 - 2013-11-30 10:02 - 00000000 ____D () C:\Program Files\McAfee 2014-03-11 21:18 - 2012-06-05 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-11 21:18 - 2012-06-05 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-05 20:02 - 2014-03-05 20:02 - 00035627 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST2.txt 2014-03-05 20:00 - 2014-03-05 20:00 - 00001088 _____ () C:\Documents and Settings\Neuanfang\Desktop\JRT.txt 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:52 - 2014-03-05 19:52 - 00011218 _____ () C:\Documents and Settings\Neuanfang\Desktop\AdwCleaner[S0].txt 2014-03-05 19:49 - 2014-03-05 19:43 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:41 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\pchealth 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:06 - 2014-03-05 19:05 - 00000000 ____D () 
C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:20 - 2014-03-04 18:54 - 00000000 ____D () C:\Qoobox 2014-03-04 19:20 - 2010-11-19 15:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-03-04 19:18 - 2014-03-04 18:54 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 19:18 - 2001-08-23 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 16:35 - 00000327 __RSH () C:\boot.ini 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:51 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 16:49 - 2014-03-03 16:49 - 00005730 _____ () C:\Documents and Settings\Neuanfang\Desktop\GMER.txt 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:29 - 2014-03-03 16:29 - 00019653 _____ () C:\Documents and Settings\Neuanfang\Desktop\Addition.txt 2014-03-03 16:26 - 2014-03-03 16:25 - 00000480 _____ () 
C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:09 - 2014-03-03 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:06 - 2014-03-03 12:28 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:52 - 2010-11-19 15:51 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-03-03 12:52 - 2010-11-19 15:48 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-03-03 12:51 - 2010-11-19 15:57 - 00001599 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Remote Assistance.lnk 2014-03-03 12:38 - 2012-05-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-03 12:36 - 2014-03-03 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:31 - 
2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2013-03-23 14:07 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\TuneUp Software 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-03-03 12:23 - 2013-07-01 16:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-03 11:31 - 2011-06-11 23:27 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-03-03 11:17 - 2011-01-05 15:52 - 00072192 _____ () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Documents and Settings\Neuanfang\Local Settings\temp\Quarantine.exe C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2007-06-24 08:38] - [2007-06-24 08:38] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe [2004-08-04 00:56] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\User32.dll [2007-06-24 08:40] - [2007-06-24 08:40] - 0578048 ____A (Microsoft Corporation) 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll [2007-06-24 08:39] - [2007-06-24 08:39] - 0399360 ____A (Microsoft Corporation) 348f04e3582ef2467ee5379d67b99fd7 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. 
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- ---
I'm slowly getting very frustrated :-( Kind regards, Ziege |
16.03.2014, 17:38 | #8 |
/// the machine /// TB Trainer | Win XP: Internet problems, multiple Trojans, maintenance problems That's no wonder, you have been refusing to install Windows updates for 7 years. Update Java and Adobe; nothing else gets done on that machine until the 7 years of Windows updates are on it. And step on it, support for XP will be discontinued completely on April 8. Change your passwords for e-mail and Facebook.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.03.2014, 23:10 | #9 |
| Win XP: Internet problems, multiple Trojans, maintenance problems I haven't done the Java and Adobe updates yet, but I have done the Windows updates. I first got Service Pack 3 and then that full version with all the updates from winfuture.de... I hope I did everything right -.- The Facebook password has been changed. With the e-mail addresses it is not that easy.... both e-mail addresses are with Hotmail.de... and the security codes are sent to the respective e-mail addresses when such a case occurs... but since both e-mail addresses have been hacked, I'm not getting much further at the moment. The only thing I have managed so far is to change the password for one e-mail address (thank God I still had another security thingy)... but then I messed something else up and locked the e-mail account for 30 days for now. So I can only get at the account that is still hacked in 30 days... Schrauber... I'm sure this is how you feel right now: This is all very embarrassing for me... |
17.03.2014, 11:51 | #10 |
/// the machine /// TB Trainer | Win XP: Internet problems, multiple Trojans, maintenance problems You'll have to deal with the e-mail accounts afterwards then, or write to Hotmail support. Fresh FRST log please.
17.03.2014, 18:31 | #11 |
| Win XP: Internet problems, multiple Trojans, maintenance problems Hello Schrauber, well, somehow everything has now become even slower -.- I wonder if I'm doing something wrong? :-/ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Neuanfang (administrator) on FRANZI on 17-03-2014 18:10:34 Running from C:\Documents and Settings\Neuanfang\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Skype Technologies S.A.) 
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (RapidSolution Software AG) C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Realtek Semiconductor Corp.) C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\9fde9e01ce6bf8c44a3e27ce1cef8148\update\update.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgmfapx.exe (Microsoft Corporation) C:\WINDOWS\system32\WBEM\WMIADAP.EXE (Google Inc.) C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Plus-HD-9.2 - {11111111-1111-1111-1111-110511291118} - C:\Program Files\Plus-HD-9.2\Plus-HD-9.2-bho.dll (Plus HD) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.89.1 194.25.0.60 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Documents and Settings\Neuanfang\Desktop\npAmazonMP3DownloaderPlugin101799.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-9.2 - C:\Documents and Settings\Neuanfang\Application Data\Mozilla\Firefox\Profiles\rwoajh9q.default-1355656851140\Extensions\51bd5ab0-25c4-4e68-9976-d6d165b4fc0e@6dd65d28-39a7-4c89-a227-9433ee9856cf.com [2014-03-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-11]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-11]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-11-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-30]
CHR Extension: (AT_DonnaKaran) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2011-02-16]
CHR Extension: (DivX HiQ) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-02-13]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-16]
CHR Extension: (Plus-HD-9.2) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpiiejafhmcmplppmlkdhijiigdppjpb [2014-03-16]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-13]
CHR Extension: (Gmail) - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-30]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-11-30]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-15] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1741624 2013-12-18] (AVG)
R2 Virtual CDAudio Service; C:\Program Files\Audials\Audials 10\VCDWriter\32\VCDAudioService.exe [179464 2013-03-20] (RapidSolution Software AG)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-03-20] (RapidSolution Software AG)
R3 rsvcdwdr; C:\WINDOWS\System32\DRIVERS\rsvcdwdr.sys [35976 2013-03-20] (RapidSolution Software AG)
R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-03-20] (RapidSolution Software AG)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software)
S3 catchme; \??\C:\DOCUME~1\NEUANF~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs
(Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 18:10 - 2014-03-17 18:15 - 00019066 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-17 18:07 - 2014-03-17 18:14 - 00025849 _____ () C:\WINDOWS\KB982381-IE7.log 2014-03-17 18:07 - 2014-03-17 18:07 - 00000000 ____D () C:\WINDOWS\LastGood 2014-03-16 23:46 - 2014-03-16 23:46 - 00143482 _____ () C:\WINDOWS\KB980218.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142981 _____ () C:\WINDOWS\KB952954.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142507 _____ () C:\WINDOWS\KB959426.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142130 _____ () C:\WINDOWS\KB956803.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00141997 _____ () C:\WINDOWS\KB960859.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$ 2014-03-16 23:45 - 2014-03-16 23:46 - 00142133 _____ () C:\WINDOWS\KB971468.log 2014-03-16 23:45 - 2014-03-16 23:45 - 00144795 _____ () C:\WINDOWS\KB979683.log 2014-03-16 23:45 - 2014-03-16 23:45 - 00139517 _____ () C:\WINDOWS\KB958869.log 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979683$ 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$ 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00142876 _____ () C:\WINDOWS\KB955759.log 2014-03-16 23:44 - 2014-03-16 23:44 - 00142206 _____ () C:\WINDOWS\KB980232.log 2014-03-16 23:44 - 
2014-03-16 23:44 - 00141618 _____ () C:\WINDOWS\KB980195.log 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00141042 _____ () C:\WINDOWS\KB974318.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139921 _____ () C:\WINDOWS\KB981349.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139647 _____ () C:\WINDOWS\KB2229593.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139605 _____ () C:\WINDOWS\KB969059.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981349$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00139892 _____ () C:\WINDOWS\KB950974.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00139222 _____ () C:\WINDOWS\KB978037.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00139033 _____ () C:\WINDOWS\KB975713.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00138371 _____ () C:\WINDOWS\KB978338.log 2014-03-16 23:40 - 2014-03-16 23:40 - 00138343 _____ () C:\WINDOWS\KB971657.log 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 ____D () C:\WINDOWS\ie7updates 2014-03-16 23:39 - 2014-03-16 23:40 - 00137267 _____ () 
C:\WINDOWS\KB961118.log 2014-03-16 23:39 - 2014-03-16 23:39 - 00137850 _____ () C:\WINDOWS\KB960225.log 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$ 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$ 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960225$ 2014-03-16 23:38 - 2014-03-16 23:39 - 00138278 _____ () C:\WINDOWS\KB956744.log 2014-03-16 23:38 - 2014-03-16 23:38 - 00137849 _____ () C:\WINDOWS\KB974112.log 2014-03-16 23:38 - 2014-03-16 23:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$ 2014-03-16 23:38 - 2014-03-16 23:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$ 2014-03-16 23:37 - 2014-03-16 23:38 - 00141861 _____ () C:\WINDOWS\KB956572.log 2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$ 2014-03-16 23:36 - 2014-03-16 23:36 - 00134092 _____ () C:\WINDOWS\KB956844.log 2014-03-16 23:36 - 2014-03-16 23:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$ 2014-03-16 23:35 - 2014-03-16 23:36 - 00136375 _____ () C:\WINDOWS\KB961501.log 2014-03-16 23:35 - 2014-03-16 23:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961501$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00135017 _____ () C:\WINDOWS\KB975025.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00133424 _____ () C:\WINDOWS\KB973869.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00133402 _____ () C:\WINDOWS\KB975561.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975561$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$ 2014-03-16 23:27 - 2014-03-16 23:27 - 00015909 _____ () C:\WINDOWS\KB952004.log 2014-03-16 23:27 - 2014-03-16 23:27 - 00013998 _____ () C:\WINDOWS\KB974571.log 2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$ 2014-03-16 23:27 - 
2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$ 2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$ 2014-03-16 23:26 - 2014-03-16 23:26 - 00013487 _____ () C:\WINDOWS\KB973507.log 2014-03-16 23:26 - 2014-03-16 23:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$ 2014-03-16 23:26 - 2014-03-16 23:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$ 2014-03-16 23:25 - 2014-03-16 23:26 - 00020068 _____ () C:\WINDOWS\KB941569.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00013768 _____ () C:\WINDOWS\KB973687.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00012766 _____ () C:\WINDOWS\KB977816.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00012532 _____ () C:\WINDOWS\KB950762.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981793$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973687$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$ 2014-03-16 23:24 - 2014-03-16 23:25 - 00009767 _____ () C:\WINDOWS\KB981793.log 2014-03-16 23:24 - 2014-03-16 23:25 - 00004134 _____ () C:\WINDOWS\system32\TZLog.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00012495 _____ () C:\WINDOWS\KB978601.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00012121 _____ () C:\WINDOWS\KB979559.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$ 2014-03-16 23:24 - 2014-03-16 23:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$ 2014-03-16 23:23 - 2014-03-16 23:23 - 00012343 _____ () C:\WINDOWS\KB973904.log 2014-03-16 23:23 - 2014-03-16 23:23 - 00011321 _____ () C:\WINDOWS\KB952287.log 2014-03-16 23:23 - 2014-03-16 23:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$ 2014-03-16 23:23 - 2014-03-16 23:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$ 2014-03-16 23:22 - 2014-03-16 23:23 - 00011434 _____ () 
C:\WINDOWS\KB959772.log 2014-03-16 23:22 - 2014-03-16 23:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959772_WM11$ 2014-03-16 23:22 - 2014-03-16 23:22 - 00011299 _____ () C:\WINDOWS\KB979309.log 2014-03-16 23:22 - 2014-03-16 23:22 - 00008470 _____ () C:\WINDOWS\KB976002-v5.log 2014-03-16 23:22 - 2014-03-16 23:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$ 2014-03-16 23:21 - 2014-03-16 23:21 - 00011603 _____ () C:\WINDOWS\KB958644.log 2014-03-16 23:21 - 2014-03-16 23:21 - 00011140 _____ () C:\WINDOWS\KB955069.log 2014-03-16 23:21 - 2014-03-16 23:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$ 2014-03-16 23:21 - 2014-03-16 23:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069$ 2014-03-16 23:20 - 2014-03-16 23:20 - 00009392 _____ () C:\WINDOWS\KB954154.log 2014-03-16 23:20 - 2014-03-16 23:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954154_WM11$ 2014-03-16 23:20 - 2014-03-16 23:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2014-03-16 23:18 - 2014-03-16 23:20 - 00016086 _____ () C:\WINDOWS\KB936782.log 2014-03-16 23:16 - 2014-03-16 23:17 - 00011137 _____ () C:\WINDOWS\KB923561.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00010083 _____ () C:\WINDOWS\KB975467.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00009538 _____ () C:\WINDOWS\KB971961.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$ 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971961$ 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$ 2014-03-16 23:15 - 2014-03-17 18:07 - 00000000 ___HD () C:\WINDOWS\$hf_mig$ 2014-03-16 23:15 - 2014-03-16 23:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$ 2014-03-16 23:14 - 2014-03-16 23:16 - 00010686 _____ () C:\WINDOWS\KB968389.log 2014-03-16 23:14 - 2008-10-23 13:36 - 00286720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gdi32.dll 2014-03-16 23:10 - 2010-03-09 12:09 - 00430080 ____C (Microsoft 
Corporation) C:\WINDOWS\system32\dllcache\vbscript.dll 2014-03-16 23:10 - 2010-02-12 05:33 - 00100864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\6to4svc.dll 2014-03-16 23:10 - 2010-02-11 13:02 - 00226880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tcpip6.sys 2014-03-16 23:10 - 2009-12-14 08:08 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\csrsrv.dll 2014-03-16 23:10 - 2009-12-08 10:23 - 00474112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shlwapi.dll 2014-03-16 23:10 - 2009-10-12 14:38 - 00149504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rastls.dll 2014-03-16 23:10 - 2009-10-12 14:38 - 00079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\raschap.dll 2014-03-16 23:10 - 2009-07-17 17:22 - 01435648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\query.dll 2014-03-16 23:10 - 2009-06-10 07:14 - 00132096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wkssvc.dll 2014-03-16 23:10 - 2008-07-07 21:26 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\es.dll 2014-03-16 23:09 - 2010-02-05 19:27 - 01291776 ____C () C:\WINDOWS\system32\dllcache\quartz.dll 2014-03-16 23:09 - 2009-11-27 18:11 - 00017920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msyuv.dll 2014-03-16 23:09 - 2009-09-04 22:03 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msasn1.dll 2014-03-16 23:09 - 2009-07-17 20:01 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atl.dll 2014-03-16 23:09 - 2009-05-07 16:32 - 00345600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\localspl.dll 2014-03-16 23:09 - 2008-06-12 15:23 - 00956928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdtctm.dll 2014-03-16 23:09 - 2008-06-12 15:23 - 00161792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdtcuiu.dll 2014-03-16 23:09 - 2008-06-12 15:23 - 00091648 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\dllcache\mtxoci.dll 2014-03-16 23:09 - 2008-06-12 15:23 - 00066560 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mtxclu.dll 2014-03-16 23:09 - 2008-06-12 15:23 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdtclog.dll 2014-03-16 22:58 - 2014-03-16 22:58 - 00000677 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-16 22:58 - 2014-03-16 22:58 - 00000677 _____ () C:\WINDOWS\KB2925418-IE7.log 2014-03-16 22:49 - 2014-03-16 22:49 - 00000677 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-03-16 22:43 - 2014-03-16 22:43 - 00000686 _____ () C:\WINDOWS\KB2834904-v2.log 2014-03-16 22:31 - 2014-03-16 22:31 - 00000677 _____ () C:\WINDOWS\KB2797052-IE8.log 2014-03-16 22:31 - 2014-03-16 22:31 - 00000677 _____ () C:\WINDOWS\KB2797052-IE7.log 2014-03-16 22:31 - 2014-03-16 22:31 - 00000673 _____ () C:\WINDOWS\KB2797052.log 2014-03-16 22:20 - 2014-03-16 22:20 - 00286432 _____ () C:\WINDOWS\msxml4-KB2758694-deu.LOG 2014-03-16 22:20 - 2014-03-16 22:20 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-16 22:15 - 2014-03-16 22:15 - 00000676 _____ () C:\WINDOWS\KB2705219-v2.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000738 _____ () C:\WINDOWS\KB2686509.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000655 _____ () C:\WINDOWS\KB2661637.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000655 _____ () C:\WINDOWS\KB2584146.log 2014-03-16 21:35 - 2014-03-16 21:35 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\PCHealth 2014-03-16 21:31 - 2010-04-20 06:30 - 00285696 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\dllcache\atmfd.dll 2014-03-16 21:31 - 2009-06-12 13:31 - 00080896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tlntsess.exe 2014-03-16 21:31 - 2009-06-12 13:31 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\telnet.exe 2014-03-16 21:31 - 2009-03-21 15:06 - 00989696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll 2014-03-16 21:31 - 
2008-06-24 17:43 - 00074240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mscms.dll 2014-03-16 21:30 - 2008-08-14 11:04 - 00138496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\afd.sys 2014-03-16 21:30 - 2008-06-13 12:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys 2014-03-16 21:29 - 2009-12-31 17:50 - 00353792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srv.sys 2014-03-16 21:03 - 2010-02-24 14:11 - 00455680 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys 2014-03-16 21:03 - 2009-11-21 16:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll 2014-03-16 21:00 - 2014-03-16 22:09 - 00001304 _____ () C:\WINDOWS\KB2536276-v2.log 2014-03-16 20:57 - 2014-03-16 22:05 - 00001234 _____ () C:\WINDOWS\KB2544893-v2.log 2014-03-16 20:56 - 2014-03-16 22:05 - 00001305 _____ () C:\WINDOWS\KB2510531-IE8.log 2014-03-16 20:51 - 2014-03-16 21:59 - 00001299 _____ () C:\WINDOWS\KB2483618.log 2014-03-16 20:51 - 2014-03-16 21:59 - 00001299 _____ () C:\WINDOWS\KB2479943.log 2014-03-16 20:50 - 2014-03-16 21:59 - 00001299 _____ () C:\WINDOWS\KB2419632.log 2014-03-16 20:47 - 2014-03-16 21:55 - 00001302 _____ () C:\WINDOWS\KB971961-IE8.log 2014-03-16 20:41 - 2010-06-14 15:31 - 00744448 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe 2014-03-16 20:40 - 2009-10-15 17:28 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\t2embed.dll 2014-03-16 20:40 - 2009-10-15 17:28 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fontsub.dll 2014-03-16 20:40 - 2009-01-09 20:19 - 01089593 ____C () C:\WINDOWS\system32\dllcache\ntprint.cat 2014-03-16 20:39 - 2010-02-17 09:10 - 02189952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2014-03-16 20:39 - 2010-02-16 15:08 - 02146304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2014-03-16 20:39 - 2010-02-16 14:25 - 02024448 
____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2014-03-16 20:39 - 2009-03-06 15:22 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pdh.dll 2014-03-16 20:39 - 2009-02-09 13:10 - 00714752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntdll.dll 2014-03-16 20:39 - 2009-02-09 13:10 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advapi32.dll 2014-03-16 20:39 - 2009-02-09 13:10 - 00473600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fastprox.dll 2014-03-16 20:39 - 2009-02-09 13:10 - 00453120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvsd.dll 2014-03-16 20:39 - 2009-02-09 13:10 - 00401408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll 2014-03-16 20:39 - 2009-02-06 12:11 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\services.exe 2014-03-16 20:39 - 2009-02-06 11:10 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvse.exe 2014-03-16 20:38 - 2009-06-21 22:44 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\triedit.dll 2014-03-16 20:37 - 2009-10-23 16:28 - 03558912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe 2014-03-16 20:37 - 2009-07-27 23:27 - 00128512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dhtmled.ocx 2014-03-16 20:35 - 2010-05-02 06:22 - 01851264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32k.sys 2014-03-16 20:35 - 2008-05-08 15:02 - 00203136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rmcast.sys 2014-03-16 20:34 - 2014-03-16 23:46 - 00144422 _____ () C:\WINDOWS\KB951376-v2.log 2014-03-16 20:33 - 2014-03-16 23:40 - 00139706 _____ () C:\WINDOWS\KB938127-v2-IE7.log 2014-03-16 20:27 - 2014-03-16 21:44 - 00001846 _____ () C:\WINDOWS\ie8_main.log 2014-03-16 20:19 - 2010-02-12 11:03 - 00293376 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserchoice.exe 2014-03-16 20:19 - 2008-05-01 
15:33 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msadce.dll 2014-03-16 20:15 - 2008-10-15 17:34 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\netapi32.dll 2014-03-16 20:14 - 2009-09-11 15:18 - 00136192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msv1_0.dll 2014-03-16 20:14 - 2009-07-31 05:35 - 01172480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml3.dll 2014-03-16 20:14 - 2009-06-25 09:25 - 00730112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\lsasrv.dll 2014-03-16 20:14 - 2009-06-25 09:25 - 00301568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kerberos.dll 2014-03-16 20:14 - 2009-06-25 09:25 - 00147456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\schannel.dll 2014-03-16 20:14 - 2009-06-25 09:25 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\secur32.dll 2014-03-16 20:14 - 2009-06-25 09:25 - 00054272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wdigest.dll 2014-03-16 20:14 - 2009-06-24 12:18 - 00092928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksecdd.sys 2014-03-16 20:02 - 2010-01-13 15:01 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cabview.dll 2014-03-16 20:02 - 2009-12-24 07:59 - 00177664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wintrust.dll 2014-03-16 20:00 - 2009-11-21 16:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb 2014-03-16 20:00 - 2008-05-03 12:55 - 00002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsp4res.dll 2014-03-16 20:00 - 2008-04-21 13:08 - 00215552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe 2014-03-16 19:59 - 2009-08-13 16:16 - 00512000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jscript.dll 2014-03-16 19:50 - 2004-08-04 00:56 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll 2014-03-16 19:49 - 2014-03-16 19:49 - 00000251 _____ () 
C:\WINDOWS\system32\spupdwxp.log 2014-03-16 19:49 - 2014-03-16 19:49 - 00000187 _____ () C:\WINDOWS\spupdsvc.log.1.log 2014-03-16 19:32 - 2009-07-31 10:05 - 01372672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6.dll 2014-03-16 19:32 - 2008-04-14 05:42 - 00023040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativmvxx.ax 2014-03-16 19:32 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll 2014-03-16 19:32 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll 2014-03-16 19:32 - 2008-04-14 05:42 - 00009728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativdaxx.ax 2014-03-16 19:32 - 2008-04-14 05:41 - 01888992 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3duag.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00870784 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3d1ag.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00516768 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ativvaxx.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00377984 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvaa.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00233472 ____N (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00229376 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2cqag.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00201728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvag.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00032768 ____N (ATI Technologies Inc.) 
C:\WINDOWS\system32\ativtmxx.dll 2014-03-16 19:32 - 2008-04-14 05:41 - 00007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\bitsprx4.dll 2014-03-16 19:32 - 2008-04-14 05:40 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dpcdll.dll 2014-03-16 19:32 - 2008-04-14 00:15 - 00046592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irbus.sys 2014-03-16 19:32 - 2008-04-14 00:13 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsdupd.exe 2014-03-16 19:32 - 2008-04-13 22:57 - 00079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6r.dll 2014-03-16 19:31 - 2014-03-16 19:31 - 00000000 ____D () C:\WINDOWS\system32\scripting 2014-03-16 19:31 - 2014-03-16 19:31 - 00000000 ____D () C:\WINDOWS\system32\bits 2014-03-16 19:31 - 2010-04-21 14:28 - 00046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 04274816 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nv4_disp.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 01737856 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\mtxparhd.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00397056 ____N (S3 Graphics, Inc.) 
C:\WINDOWS\system32\s3gnb.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00291328 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagentrt.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00286792 ____N (Smart Link) C:\WINDOWS\system32\slextspk.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\napmontr.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00188508 ____N (Smart Link) C:\WINDOWS\system32\slgen.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00176640 ____N (Microsoft Corporation) C:\WINDOWS\system32\napstat.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 00155136 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssha.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagent.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\onex.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\qutil.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00073832 ____N (Smart Link) C:\WINDOWS\system32\slcoinst.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00073796 ____N (Smart Link) C:\WINDOWS\system32\slserv.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 00062464 ____N (Microsoft Corporation) C:\WINDOWS\system32\qcliprov.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00061952 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasqec.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00050688 ____N (Microsoft Corporation) C:\WINDOWS\system32\tspkg.dll 2014-03-16 19:31 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\system32\slrundll.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\slrundll.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 00032768 ____N (Microsoft Corporation) C:\WINDOWS\system32\setupn.exe 2014-03-16 19:31 - 2008-04-14 05:42 - 00030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\napipsec.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00650752 ____N (Microsoft Corporation) 
C:\WINDOWS\system32\dot3ui.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00184832 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00180224 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00132096 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00126976 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00094208 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00086016 ____N (Conexant) C:\WINDOWS\system32\mdmxsdk.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00061440 ____N (Microsoft Corporation) C:\WINDOWS\system32\kmsvc.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapqec.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3cfg.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00048640 ____N (Microsoft Corporation) C:\WINDOWS\system32\dhcpqec.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3gpclnt.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00037376 ____N (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00033792 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapsvc.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00032285 ____N (Conexant Systems, Inc.) 
C:\WINDOWS\system32\hsfcisp2.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapolqec.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00026112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00019456 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsntfy.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2014-03-16 19:31 - 2008-04-14 05:41 - 00009216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll 2014-03-16 19:31 - 2008-04-13 23:45 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\msshavmsg.dll 2014-03-16 19:23 - 2014-03-16 19:32 - 00000000 ____D () C:\WINDOWS\ServicePackFiles 2014-03-16 19:16 - 2014-03-16 23:46 - 00104392 _____ () C:\WINDOWS\updspapi.log 2014-03-16 19:16 - 2008-04-14 05:41 - 00004255 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv01nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003967 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv02nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003775 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv11nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003711 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv09nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003647 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv07nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003615 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv05nt5.dll 2014-03-16 19:16 - 2008-04-14 05:41 - 00003135 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv08nt5.dll 2014-03-16 19:16 - 2008-04-14 00:06 - 00044928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agpcpq.sys 2014-03-16 19:16 - 2008-04-14 00:06 - 00042752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\alim1541.sys 2014-03-16 19:16 - 2008-04-14 00:06 - 00042368 ____N (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\agp440.sys 2014-03-16 19:15 - 2008-06-13 12:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2014-03-16 19:15 - 2008-04-14 05:42 - 00011325 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\vchnt5.dll 2014-03-16 19:15 - 2008-04-14 05:42 - 00003901 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\siint5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv04nt5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00021183 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv01nt5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00017279 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv10nt5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00015423 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\ch7xxnt5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00014143 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv06nt5.dll 2014-03-16 19:15 - 2008-04-14 05:41 - 00011359 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv02nt5.dll 2014-03-16 19:15 - 2008-04-14 00:26 - 00030592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys 2014-03-16 19:15 - 2008-04-14 00:26 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys 2014-03-16 19:15 - 2008-04-14 00:21 - 00101120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00121984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00059136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00037888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00036480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthprint.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00025600 ____N (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\hidbth.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthusb.sys 2014-03-16 19:15 - 2008-04-14 00:16 - 00017024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2014-03-16 19:15 - 2008-04-14 00:15 - 00019200 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys 2014-03-16 19:15 - 2008-04-14 00:13 - 00014208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys 2014-03-16 19:15 - 2008-04-14 00:13 - 00012672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mutohpen.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00046464 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gagp30kx.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00044672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uagp35.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00043008 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdagp.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00042240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viaagp.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00040960 ____N (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\Drivers\sisagp.sys 2014-03-16 19:15 - 2008-04-14 00:06 - 00005888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smbali.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 01309184 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlstrm.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 01041536 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfdpsp2.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00685056 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfcxts2.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00404990 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slntamr.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00220032 ____N (Conexant Systems, Inc.) 
C:\WINDOWS\system32\Drivers\hsfbs2s2.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00180360 ____N (Smart Link) C:\WINDOWS\system32\Drivers\ntmtlfax.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00129535 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnt7554.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00126686 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlmnt5.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00095424 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnthal.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00013776 ____N (Smart Link) C:\WINDOWS\system32\Drivers\recagent.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00013240 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slwdmsup.sys 2014-03-16 19:15 - 2008-04-13 23:53 - 00011868 ____N (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 01897408 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00701440 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00452736 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\Drivers\mtxparhm.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00327040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtaa.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00166912 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00104960 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinrvxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00073216 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atintuxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00063663 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1rvxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00063488 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxsxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00057856 ____N (ATI Technologies Inc.) 
C:\WINDOWS\system32\Drivers\atinbtxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00056623 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1btxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00052224 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinraxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00036463 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1tuxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00034735 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xsxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00031744 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxbxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00030671 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1raxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00029455 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xbxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00028672 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinsnxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00026367 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1snxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv10nt.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00022271 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv06nt.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00021343 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1ttxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00014336 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinpdxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinttxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinmdxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00012047 ____N (ATI Technologies Inc.) 
C:\WINDOWS\system32\Drivers\ati1pdxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00011935 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv11nt.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00011871 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv09nt.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00011807 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv07nt.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00011615 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1mdxx.sys 2014-03-16 19:15 - 2008-04-13 22:04 - 00011295 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv08nt.sys 2014-03-16 19:15 - 2007-04-02 21:36 - 00129045 ____N () C:\WINDOWS\system32\Drivers\cxthsfs2.cty 2014-03-16 19:15 - 2006-12-29 20:21 - 00064352 ____N () C:\WINDOWS\system32\Drivers\ativmc20.cod 2014-03-16 19:15 - 2006-12-29 20:02 - 00067866 ____N () C:\WINDOWS\system32\Drivers\netwlan5.img 2014-03-16 19:10 - 2008-07-08 14:02 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll 2014-03-16 19:10 - 2006-12-29 00:31 - 00019569 _____ () C:\WINDOWS\003335_.tmp 2014-03-16 19:04 - 2014-03-16 19:10 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$ 2014-03-16 18:58 - 2014-03-16 23:27 - 00132913 _____ () C:\WINDOWS\setupapi.log 2014-03-16 18:49 - 2014-03-17 18:04 - 00001502 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-updater.job 2014-03-16 18:49 - 2014-03-17 18:04 - 00001456 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-codedownloader.job 2014-03-16 18:49 - 2014-03-17 18:04 - 00001356 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-enabler.job 2014-03-16 18:48 - 2014-03-17 18:04 - 00003088 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-chromeinstaller.job 2014-03-16 18:48 - 2014-03-17 18:04 - 00002306 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-firefoxinstaller.job 2014-03-16 18:48 - 2014-03-16 21:30 - 00000000 ____D () C:\Program Files\Plus-HD-9.2 2014-03-16 18:35 - 2014-03-16 19:46 - 00498264 _____ () C:\WINDOWS\svcpack.log 2014-03-16 18:22 - 2014-03-16 21:33 - 00000000 
____D () C:\Documents and Settings\Neuanfang\Desktop\WinXP 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:43 - 2014-03-05 19:49 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:05 - 2014-03-05 19:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 15:45 - 00000211 _____ () 
C:\Boot.bak 2014-03-04 19:11 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-03-04 18:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-03-04 18:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-03-04 18:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-03-04 18:54 - 2014-03-04 19:20 - 00000000 ____D () C:\Qoobox 2014-03-04 18:54 - 2014-03-04 19:18 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:28 - 2014-03-17 18:10 - 00000000 ____D () C:\FRST 2014-03-03 16:27 - 2014-03-15 20:04 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-03 16:25 - 2014-03-03 16:26 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () 
C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:08 - 2013-12-18 09:38 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe 2014-03-03 13:05 - 2014-03-03 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2014-03-12 20:07 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-03 12:29 - 2014-03-03 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:28 - 2014-03-03 13:06 - 00000000 ____D () C:\Program Files\AVG 2014-03-03 12:25 - 2014-03-17 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-03 12:25 - 2014-03-03 16:51 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData

==================== One Month Modified Files and Folders =======

2014-03-17 18:15 - 
2014-03-17 18:10 - 00019066 _____ () C:\Documents and Settings\Neuanfang\Desktop\FRST.txt 2014-03-17 18:15 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-03-17 18:15 - 2012-06-05 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-17 18:14 - 2014-03-17 18:07 - 00025849 _____ () C:\WINDOWS\KB982381-IE7.log 2014-03-17 18:14 - 2010-11-19 15:50 - 01237342 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-17 18:11 - 2014-03-16 18:48 - 00000000 ____D () C:\Program Files\Plus-HD-9.2 2014-03-17 18:11 - 2011-02-13 12:57 - 00001206 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003UA.job 2014-03-17 18:10 - 2014-03-03 16:28 - 00000000 ____D () C:\FRST 2014-03-17 18:10 - 2010-11-19 16:37 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-17 18:07 - 2014-03-17 18:07 - 00000000 ____D () C:\WINDOWS\LastGood 2014-03-17 18:07 - 2014-03-16 23:15 - 00000000 ___HD () C:\WINDOWS\$hf_mig$ 2014-03-17 18:06 - 2010-12-21 19:50 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 18:06 - 2010-11-19 18:17 - 00034707 _____ () C:\WINDOWS\spupdsvc.log 2014-03-17 18:05 - 2010-12-21 19:50 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 18:05 - 2010-11-19 16:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-17 18:05 - 2010-11-19 16:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-17 18:04 - 2014-03-16 18:49 - 00001502 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-updater.job 2014-03-17 18:04 - 2014-03-16 18:49 - 00001456 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-codedownloader.job 2014-03-17 18:04 - 2014-03-16 18:49 - 00001356 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-enabler.job 2014-03-17 18:04 - 2014-03-16 18:48 - 00003088 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-chromeinstaller.job 2014-03-17 18:04 - 2014-03-16 18:48 - 00002306 _____ () C:\WINDOWS\Tasks\Plus-HD-9.2-firefoxinstaller.job 2014-03-17 18:04 - 
2010-11-19 17:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-17 18:04 - 2010-11-19 16:36 - 00213672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-17 18:04 - 2010-11-19 15:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-16 23:47 - 2013-03-23 14:08 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-16 23:47 - 2010-11-19 15:55 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-16 23:46 - 2014-03-16 23:46 - 00143482 _____ () C:\WINDOWS\KB980218.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142981 _____ () C:\WINDOWS\KB952954.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142507 _____ () C:\WINDOWS\KB959426.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00142130 _____ () C:\WINDOWS\KB956803.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00141997 _____ () C:\WINDOWS\KB960859.log 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980218$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$ 2014-03-16 23:46 - 2014-03-16 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$ 2014-03-16 23:46 - 2014-03-16 23:45 - 00142133 _____ () C:\WINDOWS\KB971468.log 2014-03-16 23:46 - 2014-03-16 20:34 - 00144422 _____ () C:\WINDOWS\KB951376-v2.log 2014-03-16 23:46 - 2014-03-16 19:16 - 00104392 _____ () C:\WINDOWS\updspapi.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00445312 _____ () C:\WINDOWS\iis6.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00382519 _____ () C:\WINDOWS\FaxSetup.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00199046 _____ () C:\WINDOWS\ocgen.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00178562 _____ () C:\WINDOWS\tsoc.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00140543 _____ () C:\WINDOWS\comsetup.log 2014-03-16 
23:46 - 2010-11-19 16:37 - 00124282 _____ () C:\WINDOWS\msmqinst.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00083122 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00067444 _____ () C:\WINDOWS\netfxocm.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00027538 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00021224 _____ () C:\WINDOWS\ocmsn.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00020068 _____ () C:\WINDOWS\tabletoc.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00018919 _____ () C:\WINDOWS\msgsocm.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-16 23:46 - 2010-11-19 16:37 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-16 23:45 - 2014-03-16 23:45 - 00144795 _____ () C:\WINDOWS\KB979683.log 2014-03-16 23:45 - 2014-03-16 23:45 - 00139517 _____ () C:\WINDOWS\KB958869.log 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979683$ 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$ 2014-03-16 23:45 - 2014-03-16 23:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00142876 _____ () C:\WINDOWS\KB955759.log 2014-03-16 23:44 - 2014-03-16 23:44 - 00142206 _____ () C:\WINDOWS\KB980232.log 2014-03-16 23:44 - 2014-03-16 23:44 - 00141618 _____ () C:\WINDOWS\KB980195.log 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980195$ 2014-03-16 23:44 - 2014-03-16 23:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$ 2014-03-16 23:44 - 2001-08-23 13:00 - 00000624 _____ () C:\WINDOWS\win.ini 2014-03-16 23:42 - 2014-03-16 23:42 - 00141042 _____ () C:\WINDOWS\KB974318.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139921 _____ () C:\WINDOWS\KB981349.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139647 _____ () C:\WINDOWS\KB2229593.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00139605 
_____ () C:\WINDOWS\KB969059.log 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981349$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$ 2014-03-16 23:42 - 2014-03-16 23:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00139892 _____ () C:\WINDOWS\KB950974.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00139222 _____ () C:\WINDOWS\KB978037.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00139033 _____ () C:\WINDOWS\KB975713.log 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$ 2014-03-16 23:41 - 2014-03-16 23:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00138371 _____ () C:\WINDOWS\KB978338.log 2014-03-16 23:40 - 2014-03-16 23:40 - 00138343 _____ () C:\WINDOWS\KB971657.log 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$ 2014-03-16 23:40 - 2014-03-16 23:40 - 00000000 ____D () C:\WINDOWS\ie7updates 2014-03-16 23:40 - 2014-03-16 23:39 - 00137267 _____ () C:\WINDOWS\KB961118.log 2014-03-16 23:40 - 2014-03-16 20:33 - 00139706 _____ () C:\WINDOWS\KB938127-v2-IE7.log 2014-03-16 23:39 - 2014-03-16 23:39 - 00137850 _____ () C:\WINDOWS\KB960225.log 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$ 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$ 2014-03-16 23:39 - 2014-03-16 23:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960225$ 2014-03-16 23:39 - 2014-03-16 23:38 - 00138278 _____ () C:\WINDOWS\KB956744.log 2014-03-16 23:38 - 2014-03-16 23:38 - 00137849 _____ () C:\WINDOWS\KB974112.log 2014-03-16 
23:38 - 2014-03-16 23:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$ 2014-03-16 23:38 - 2014-03-16 23:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$ 2014-03-16 23:38 - 2014-03-16 23:37 - 00141861 _____ () C:\WINDOWS\KB956572.log 2014-03-16 23:37 - 2014-03-16 23:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$ 2014-03-16 23:36 - 2014-03-16 23:36 - 00134092 _____ () C:\WINDOWS\KB956844.log 2014-03-16 23:36 - 2014-03-16 23:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$ 2014-03-16 23:36 - 2014-03-16 23:35 - 00136375 _____ () C:\WINDOWS\KB961501.log 2014-03-16 23:36 - 2010-11-19 18:16 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-03-16 23:35 - 2014-03-16 23:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961501$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00135017 _____ () C:\WINDOWS\KB975025.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00133424 _____ () C:\WINDOWS\KB973869.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00133402 _____ () C:\WINDOWS\KB975561.log 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975561$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$ 2014-03-16 23:29 - 2014-03-16 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$ 2014-03-16 23:29 - 2010-12-04 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-03-16 23:29 - 2010-11-19 15:49 - 00000000 ____D () C:\Program Files\Movie Maker 2014-03-16 23:27 - 2014-03-16 23:27 - 00015909 _____ () C:\WINDOWS\KB952004.log 2014-03-16 23:27 - 2014-03-16 23:27 - 00013998 _____ () C:\WINDOWS\KB974571.log 2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$ 2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$ 2014-03-16 23:27 - 2014-03-16 23:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$ 2014-03-16 23:27 - 2014-03-16 18:58 - 00132913 _____ () C:\WINDOWS\setupapi.log 2014-03-16 
23:26 - 2014-03-16 23:26 - 00013487 _____ () C:\WINDOWS\KB973507.log 2014-03-16 23:26 - 2014-03-16 23:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$ 2014-03-16 23:26 - 2014-03-16 23:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$ 2014-03-16 23:26 - 2014-03-16 23:25 - 00020068 _____ () C:\WINDOWS\KB941569.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00013768 _____ () C:\WINDOWS\KB973687.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00012766 _____ () C:\WINDOWS\KB977816.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00012532 _____ () C:\WINDOWS\KB950762.log 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981793$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973687$ 2014-03-16 23:25 - 2014-03-16 23:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$ 2014-03-16 23:25 - 2014-03-16 23:24 - 00009767 _____ () C:\WINDOWS\KB981793.log 2014-03-16 23:25 - 2014-03-16 23:24 - 00004134 _____ () C:\WINDOWS\system32\TZLog.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00012495 _____ () C:\WINDOWS\KB978601.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00012121 _____ () C:\WINDOWS\KB979559.log 2014-03-16 23:24 - 2014-03-16 23:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979559$ 2014-03-16 23:24 - 2014-03-16 23:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$ 2014-03-16 23:23 - 2014-03-16 23:23 - 00012343 _____ () C:\WINDOWS\KB973904.log 2014-03-16 23:23 - 2014-03-16 23:23 - 00011321 _____ () C:\WINDOWS\KB952287.log 2014-03-16 23:23 - 2014-03-16 23:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$ 2014-03-16 23:23 - 2014-03-16 23:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$ 2014-03-16 23:23 - 2014-03-16 23:22 - 00011434 _____ () C:\WINDOWS\KB959772.log 2014-03-16 23:23 - 2014-03-16 23:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959772_WM11$ 2014-03-16 23:23 - 2010-11-19 15:47 - 00010200 _____ () 
C:\WINDOWS\wmsetup.log 2014-03-16 23:22 - 2014-03-16 23:22 - 00011299 _____ () C:\WINDOWS\KB979309.log 2014-03-16 23:22 - 2014-03-16 23:22 - 00008470 _____ () C:\WINDOWS\KB976002-v5.log 2014-03-16 23:22 - 2014-03-16 23:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$ 2014-03-16 23:21 - 2014-03-16 23:21 - 00011603 _____ () C:\WINDOWS\KB958644.log 2014-03-16 23:21 - 2014-03-16 23:21 - 00011140 _____ () C:\WINDOWS\KB955069.log 2014-03-16 23:21 - 2014-03-16 23:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$ 2014-03-16 23:21 - 2014-03-16 23:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069$ 2014-03-16 23:20 - 2014-03-16 23:20 - 00009392 _____ () C:\WINDOWS\KB954154.log 2014-03-16 23:20 - 2014-03-16 23:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954154_WM11$ 2014-03-16 23:20 - 2014-03-16 23:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2014-03-16 23:20 - 2014-03-16 23:18 - 00016086 _____ () C:\WINDOWS\KB936782.log 2014-03-16 23:17 - 2014-03-16 23:16 - 00011137 _____ () C:\WINDOWS\KB923561.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00010083 _____ () C:\WINDOWS\KB975467.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00009538 _____ () C:\WINDOWS\KB971961.log 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$ 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971961$ 2014-03-16 23:16 - 2014-03-16 23:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$ 2014-03-16 23:16 - 2014-03-16 23:14 - 00010686 _____ () C:\WINDOWS\KB968389.log 2014-03-16 23:15 - 2014-03-16 23:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$ 2014-03-16 23:12 - 2010-11-19 15:57 - 00000278 ___SH () C:\Documents and Settings\Neuanfang\ntuser.ini 2014-03-16 22:59 - 2010-11-19 15:57 - 00000000 ____D () C:\Documents and Settings\Neuanfang 2014-03-16 22:58 - 2014-03-16 22:58 - 00000677 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-16 22:58 - 2014-03-16 22:58 - 00000677 _____ () 
C:\WINDOWS\KB2925418-IE7.log 2014-03-16 22:49 - 2014-03-16 22:49 - 00000677 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-03-16 22:43 - 2014-03-16 22:43 - 00000686 _____ () C:\WINDOWS\KB2834904-v2.log 2014-03-16 22:37 - 2010-11-19 18:17 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-03-16 22:31 - 2014-03-16 22:31 - 00000677 _____ () C:\WINDOWS\KB2797052-IE8.log 2014-03-16 22:31 - 2014-03-16 22:31 - 00000677 _____ () C:\WINDOWS\KB2797052-IE7.log 2014-03-16 22:31 - 2014-03-16 22:31 - 00000673 _____ () C:\WINDOWS\KB2797052.log 2014-03-16 22:20 - 2014-03-16 22:20 - 00286432 _____ () C:\WINDOWS\msxml4-KB2758694-deu.LOG 2014-03-16 22:20 - 2014-03-16 22:20 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-16 22:15 - 2014-03-16 22:15 - 00000676 _____ () C:\WINDOWS\KB2705219-v2.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000738 _____ () C:\WINDOWS\KB2686509.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000655 _____ () C:\WINDOWS\KB2661637.log 2014-03-16 22:10 - 2014-03-16 22:10 - 00000655 _____ () C:\WINDOWS\KB2584146.log 2014-03-16 22:09 - 2014-03-16 21:00 - 00001304 _____ () C:\WINDOWS\KB2536276-v2.log 2014-03-16 22:05 - 2014-03-16 20:57 - 00001234 _____ () C:\WINDOWS\KB2544893-v2.log 2014-03-16 22:05 - 2014-03-16 20:56 - 00001305 _____ () C:\WINDOWS\KB2510531-IE8.log 2014-03-16 21:59 - 2014-03-16 20:51 - 00001299 _____ () C:\WINDOWS\KB2483618.log 2014-03-16 21:59 - 2014-03-16 20:51 - 00001299 _____ () C:\WINDOWS\KB2479943.log 2014-03-16 21:59 - 2014-03-16 20:50 - 00001299 _____ () C:\WINDOWS\KB2419632.log 2014-03-16 21:55 - 2014-03-16 20:47 - 00001302 _____ () C:\WINDOWS\KB971961-IE8.log 2014-03-16 21:44 - 2014-03-16 20:27 - 00001846 _____ () C:\WINDOWS\ie8_main.log 2014-03-16 21:35 - 2014-03-16 21:35 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\PCHealth 2014-03-16 21:33 - 2014-03-16 18:22 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\WinXP 2014-03-16 20:42 - 2010-12-13 17:18 - 00000000 ____D () 
C:\Documents and Settings\Neuanfang\Application Data\Skype 2014-03-16 20:34 - 2010-11-19 15:47 - 00000000 ____D () C:\Program Files\Messenger 2014-03-16 20:20 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\Help 2014-03-16 19:52 - 2010-11-19 16:36 - 00199872 _____ () C:\WINDOWS\setupact.log 2014-03-16 19:50 - 2010-11-19 15:57 - 00000738 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Outlook Express.lnk 2014-03-16 19:50 - 2010-11-19 15:47 - 00000359 _____ () C:\WINDOWS\DtcInstall.log 2014-03-16 19:49 - 2014-03-16 19:49 - 00000251 _____ () C:\WINDOWS\system32\spupdwxp.log 2014-03-16 19:49 - 2014-03-16 19:49 - 00000187 _____ () C:\WINDOWS\spupdsvc.log.1.log 2014-03-16 19:49 - 2010-11-19 15:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-03-16 19:49 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-16 19:46 - 2014-03-16 18:35 - 00498264 _____ () C:\WINDOWS\svcpack.log 2014-03-16 19:41 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\security 2014-03-16 19:34 - 2010-11-19 15:51 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-03-16 19:34 - 2010-11-19 15:48 - 00001281 _____ () C:\WINDOWS\sessmgr.setup.log 2014-03-16 19:34 - 2010-11-19 15:45 - 00000373 _____ () C:\WINDOWS\cmsetacl.log 2014-03-16 19:33 - 2010-11-19 15:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories 2014-03-16 19:32 - 2014-03-16 19:23 - 00000000 ____D () C:\WINDOWS\ServicePackFiles 2014-03-16 19:32 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\system32\inetsrv 2014-03-16 19:32 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\ime 2014-03-16 19:31 - 2014-03-16 19:31 - 00000000 ____D () C:\WINDOWS\system32\scripting 2014-03-16 19:31 - 2014-03-16 19:31 - 00000000 ____D () C:\WINDOWS\system32\bits 2014-03-16 19:31 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\system32\usmt 2014-03-16 19:31 - 2010-11-19 16:28 - 00000000 ____D () 
C:\WINDOWS\PeerNet 2014-03-16 19:31 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\l2schemas 2014-03-16 19:22 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\system32\npp 2014-03-16 19:22 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\mui 2014-03-16 19:22 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\msagent 2014-03-16 19:22 - 2010-11-19 15:49 - 00000000 ____D () C:\WINDOWS\srchasst 2014-03-16 19:22 - 2010-11-19 15:48 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-03-16 19:22 - 2010-11-19 15:48 - 00000000 ____D () C:\Program Files\Outlook Express 2014-03-16 19:22 - 2010-11-19 15:48 - 00000000 ____D () C:\Program Files\NetMeeting 2014-03-16 19:22 - 2010-11-19 15:46 - 00000000 ____D () C:\WINDOWS\system32\Com 2014-03-16 19:22 - 2010-11-19 15:46 - 00000000 ____D () C:\Program Files\Windows NT 2014-03-16 19:21 - 2010-11-19 15:48 - 00000000 ____D () C:\Program Files\Common Files\System 2014-03-16 19:20 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\system 2014-03-16 19:14 - 2004-08-03 22:59 - 00250048 __RSH () C:\ntldr 2014-03-16 19:10 - 2014-03-16 19:04 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$ 2014-03-16 19:10 - 2010-11-19 16:00 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2014-03-16 18:12 - 2010-11-19 16:36 - 03573647 _____ () C:\WINDOWS\setupapi.log.0.old 2014-03-15 21:09 - 2011-02-13 12:57 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-287218729-682003330-1003Core.job 2014-03-15 20:04 - 2014-03-15 20:04 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Desktop\FRST-OlderVersion 2014-03-15 20:04 - 2014-03-03 16:27 - 01145856 _____ (Farbar) C:\Documents and Settings\Neuanfang\Desktop\FRST.exe 2014-03-15 20:00 - 2014-03-15 20:00 - 00987442 _____ () C:\Documents and Settings\Neuanfang\Desktop\SecurityCheck.exe 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software 2014-03-12 20:07 - 2014-03-12 20:07 - 00000000 ____D 
() C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-12 20:07 - 2014-03-03 12:30 - 00000718 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-03-12 20:00 - 2013-11-30 10:02 - 00000000 ____D () C:\Program Files\McAfee 2014-03-11 21:18 - 2012-06-05 20:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-11 21:18 - 2012-06-05 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-05 19:55 - 2014-03-05 19:55 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-05 19:54 - 2014-03-05 19:54 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neuanfang\Desktop\JRT.exe 2014-03-05 19:49 - 2014-03-05 19:43 - 00000000 ____D () C:\AdwCleaner 2014-03-05 19:41 - 2010-11-19 16:28 - 00000000 ____D () C:\WINDOWS\pchealth 2014-03-05 19:39 - 2014-03-05 19:39 - 01244192 _____ () C:\Documents and Settings\Neuanfang\Desktop\adwcleaner.exe 2014-03-05 19:06 - 2014-03-05 19:06 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\Malwarebytes 2014-03-05 19:06 - 2014-03-05 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-05 19:05 - 2014-03-05 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-05 19:04 - 2014-03-05 19:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Neuanfang\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-04 19:20 - 2014-03-04 19:20 - 00021093 _____ () C:\ComboFix.txt 2014-03-04 19:20 - 2014-03-04 18:54 - 00000000 ____D () C:\Qoobox 2014-03-04 19:18 - 2014-03-04 18:54 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-04 19:18 - 2001-08-23 13:00 - 00000227 _____ () 
C:\WINDOWS\system.ini 2014-03-04 19:11 - 2014-03-04 19:11 - 00000000 _RSHD () C:\cmdcons 2014-03-04 19:11 - 2010-11-19 16:35 - 00000327 __RSH () C:\boot.ini 2014-03-04 18:57 - 2014-03-04 18:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG 2014-03-04 18:52 - 2014-03-04 18:52 - 05186850 ____R (Swearware) C:\Documents and Settings\Neuanfang\Desktop\ComboFix.exe 2014-03-03 21:49 - 2014-03-03 21:49 - 02972214 _____ () C:\Documents and Settings\Neuanfang\Desktop\Virenquarantänenliste.bmp 2014-03-03 16:51 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\Avg2014 2014-03-03 16:31 - 2014-03-03 16:31 - 00380416 _____ () C:\Documents and Settings\Neuanfang\Desktop\Gmer-19357.exe 2014-03-03 16:26 - 2014-03-03 16:25 - 00000480 _____ () C:\Documents and Settings\Neuanfang\Desktop\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000454 _____ () C:\Documents and Settings\Neuanfang\defogger_disable.log 2014-03-03 16:21 - 2014-03-03 16:21 - 00000000 _____ () C:\Documents and Settings\Neuanfang\defogger_reenable 2014-03-03 16:20 - 2014-03-03 16:20 - 00050477 _____ () C:\Documents and Settings\Neuanfang\Desktop\Defogger.exe 2014-03-03 13:09 - 2014-03-03 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001745 _____ () C:\Documents and Settings\All Users\Desktop\AVG 1-Klick-Wartung.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2014.lnk 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG 2014-03-03 13:08 - 2014-03-03 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014 2014-03-03 13:06 - 2014-03-03 12:28 
- 00000000 ____D () C:\Program Files\AVG 2014-03-03 13:03 - 2014-03-03 13:03 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-03-03 12:52 - 2010-11-19 15:48 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-03-03 12:51 - 2010-11-19 15:57 - 00001599 _____ () C:\Documents and Settings\Neuanfang\Start Menu\Programs\Remote Assistance.lnk 2014-03-03 12:38 - 2012-05-10 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-03 12:36 - 2014-03-03 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-03-03 12:31 - 2014-03-03 12:31 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\AVG2014 2014-03-03 12:30 - 2013-03-23 14:07 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Application Data\TuneUp Software 2014-03-03 12:29 - 2014-03-03 12:29 - 00000000 ___HD () C:\$AVG 2014-03-03 12:25 - 2014-03-03 12:25 - 00000000 ____D () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\MFAData 2014-03-03 12:23 - 2013-07-01 16:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-03 11:31 - 2011-06-11 23:27 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-03-03 11:17 - 2011-01-05 15:52 - 00072192 _____ () C:\Documents and Settings\Neuanfang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Documents and Settings\Neuanfang\Local Settings\temp\1393859675_the_wedownload_manager.exe C:\Documents and Settings\Neuanfang\Local Settings\temp\1394449633_plus_hd_9_2_c.exe C:\Documents and Settings\Neuanfang\Local Settings\temp\Quarantine.exe C:\Documents and Settings\Neuanfang\Local Settings\temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is 
legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ |
18.03.2014, 12:00 | #12 |
/// the machine /// TB trainer | Win XP: Internet problems, multiple Trojans, maintenance problems Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Slower when, or doing what?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
18.03.2014, 22:16 | #13 |
| Win XP: Internet problems, multiple Trojans, maintenance problems Hello Schrauber, here is the FRST Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Neuanfang at 2014-03-18 22:06:29 Run:1
Running from C:\Documents and Settings\Neuanfang\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix => Value deleted successfully.
==== End of Fixlog ====
Sometimes I get a message that, um, something is not responding. Not pop-up, but very similar by name. sorry -.- And all of a sudden various pages open up telling me that I should bring Mozilla up to date. But I don't find the URLs exactly trustworthy. Example: hxxp://www.lpcloudbox404.com/3C7327542038303D46272278326C5F731B75912E039EFB06BC1841544DCF40B8DF0E056E2830DA184D9E42FDBF3B7FCF?utm_source=Advertisedotcom&utm_term=trojaner-board%20trojaner-board.de&tgu_src_lp_domain=www.filesbunker.com&utm_medium=CPC&utm_campaign=LDncdjRB&utm_content=63640-1700_1043_de Trojaner Board is also mentioned in the URL of the link?! From now on I will only do what you tell me. Kind regards and good night! And Schrauber: thank you! |
19.03.2014, 17:09 | #14 |
/// the machine /// TB trainer | Win XP: Internet problems, multiple Trojans, maintenance problems Revo Uninstaller - Download - Filepony Use it to uninstall Firefox, keep no data, have the leftovers removed, reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
21.03.2014, 19:52 | #15 |
| Win XP: Internet problems, multiple Trojans, maintenance problems Hello Schrauber, I uninstalled Mozilla with the program you recommended (with all data and leftovers). However, I did not reinstall Mozilla but installed Google Chrome instead... Pages still load veery slowly, the PC reacts with a long delay when I click a button on the web, and when I open a page, several tabs open at the same time telling me that I should update my browser or update the media player... Right now I have "Please update your browser" and "How to repair Windows XP". When I boot the laptop it takes a long time until it is ready to use, and even though I have not opened Google, for example, but want to use Skype, Skype opens with a delay... when I want to make a call I have apparently already been calling for a while, but it is not shown to me and I only hear it ringing, or the voice, about 20 sec later. Furthermore, at first I have a lot of interference on the line, but that settles over time. Right now my CPU is at 100%.. svchost.exe is using 43, chrome.exe is shown between 2-4 times alternately.. at between 25-34 percent. .. Do you have any more advice :-/ Kind regards and have a nice weekend! |