| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ich scheine einen Virus oder Trojaner auf meinem System zu haben!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.03.2014, 09:31
| #1 |
 |  Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, ihr lieben guten Helferchen, ich stellte vor ca. 4 Tagen fest, dass meine eingestellte Startseite im IE durch Google ersetzt war. Ich konnte das nicht mehr ändern. Daraufhin habe ich AntiVir drüberlaufen lassen wollen. Der Scan lief aber auf bei dem Ordner "Entwürfe" von IncrediMail. Ich schaute im Windows-Explorer nach diesem Ordner, der 6 GB groß war, obwohl keine Entwürfe von mir gespeichert waren. Ich löschte diesen Ordner. Dann startete ich das System neu. Es war wieder Google als Startseite drauf. Ich machte eine Systemrücksetzung auf die letzte Woche. Fuhr hoch, und meine gewünschte Startseite war wieder da. Am nächsten Tag aber war wieder Google drauf. Ich machte eine Systemrücksetzung auf den weitest zurückliegenden Tag. Meine Startseite war wieder da. Dann wollte ich Sophos Virus Removal Tool drüber laufen lassen, der jedoch ständig nach zwei Balken bei einem bestimmten Volumen hängen blieb. Ich habe mir in der Registry dieses Volumen angeschaut. Da ist unter anderem ein Eintrag "Lovelace" drin, der bestimmt nicht dahin gehört. Ich muss noch dazu sagen, ich bin 74 Jahre alt und weiblich. Ich besuche keine Sexseiten. Ich hoffe sehr, dass ihr mir helfen könnt bzw. dass ich auch alles hinbekomme, was ich machen soll. Es wäre ganz super, wenn mein System noch einmal in Ordnung kommt. Viele Grüße unbekannter Weise Schaefchen |
|
08.03.2014, 11:26
| #2 |
| /// the machine /// TB-Ausbilder    |  Ich scheine einen Virus oder Trojaner auf meinem System zu haben! hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
08.03.2014, 17:32
| #3 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo Schrauber,
__________________hier kommen die beiden von dir angeforderten Dateien. Schön, dass du dich so rasch gemeldet hast. Gruß Schaefchen [CODE FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01 Ran by IngridSchaaf (administrator) on INGRIDSCHAAF-PC on 08-03-2014 17:12:18 Running from C:\Users\IngridSchaaf\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUS) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files\Atheros\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe () C:\Program Files\Atomic Alarm Clock\timeserv.exe () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe () C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe () C:\Windows\system32\ntshruid.exe () C:\Windows\system32\PSIService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Program Files\asus\ATK Hotkey\HControlUser.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Thomas Ascher) C:\Program Files\ATnotes\ATnotes.exe (ashampoo GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe () C:\Program Files\KatMouse\KatMouse.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2000-01-01] (VIA) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Norton Ghost 14.0] - C:\Program Files\Norton Ghost\Agent\VProTray.exe [2245984 2008-01-19] (Symantec Corporation) HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe [470176 2010-06-07] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe [289952 2010-06-07] (Atheros Commnucations) HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-02-24] (Avira Operations GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IncrediMail] - C:\Program Files\IncrediMail\bin\IncMail.exe [367168 2013-01-25] (IncrediMail, Ltd.) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [ATnotes.exe] - C:\Program Files\ATnotes\ATnotes.exe [1015808 2005-01-05] (Thomas Ascher) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AshSnap] - C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3400600 2012-08-03] (ashampoo GmbH & Co. KG) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-03-08] (SUPERAntiSpyware) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AtomicAlarmClock6] - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3600896 2013-06-07] (Drive Software Company) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Sony Ericsson PC Companion] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [433872 2011-10-21] (Sony Ericsson) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) Startup: C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk ShortcutTarget: KatMouse.lnk -> C:\Program Files\KatMouse\KatMouse.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://maltreff.collie.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C8C47D51E0ECC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.psd-tutorials.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=62606&st=home&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=62606&st=home&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=62606&st=home&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= URLSearchHook: HKCU - (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q={searchTerms} SearchScopes: HKLM - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q={searchTerms} SearchScopes: HKCU - BrowserMngrDefaultScope {9405B774-6922-44F7-BFD3-8584F7F8C570} SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://www.google.de/search?q={searchTerms}&rlz= BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\IngridSchaaf\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/73.31/uploader2.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default FF user.js: detected! => C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\user.js FF NewTab: hxxp://search.certified-toolbar.com?si=62606&st=newtab&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01 FF SearchEngineOrder.1: Web Search FF Homepage: hxxp://www.psd-tutorials.de/ FF Keyword.URL: hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-4.9 - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com [2014-02-22] FF Extension: 4shared Desktop Plugin - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\4sharedCopyLinks.xpi [2013-03-14] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-12-10] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10] FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: No Name - C:\Program Files\Web Assistant\Firefox [2012-05-30] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-28] FF HKLM\...\Firefox\Extensions: [{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E}] - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] Chrome: ======= CHR Extension: (Avira Browser Safety) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07] CHR Extension: (Google Wallet) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07] CHR Extension: (Download Protect) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlllpcfnnlcgcciikkgkkkegakkjhjd [2014-03-07] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com) S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-09-27] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) R2 AtherosSvc; C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe [38560 2010-06-07] (Atheros Commnucations) R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [117328 2014-02-24] (Avira Operations GmbH & Co. KG) R2 IB Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-11-20] () S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG) R2 NMSAccess; C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe [71096 2010-05-06] () R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 prevhpst; C:\Windows\system32\ntshruid.exe [70656 2013-07-04] () R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) R2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1553896 2007-12-20] (Symantec) S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-05-19] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2000-01-01] (VIA Technologies, Inc.) R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-11-20] () ==================== Drivers (Whitelisted) ==================== S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [28672 2000-01-01] (Alcor Micro, Corp.) S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-06-07] (Atheros) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-06-07] (Atheros) R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-06-07] (Atheros) S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-06-07] (Atheros) S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-06-07] (Atheros) S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-06-07] (Atheros) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.) R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2013-09-30] (Atheros Communications, Inc.) S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) R3 MTsensor32; C:\Windows\System32\DRIVERS\PuAcpi32.sys [14344 2009-06-04] () S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-05-20] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-02-16] () R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [26816 2011-11-12] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-09] (TuneUp Software) R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2000-01-01] (VIA Technologies, Inc.) S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-08 17:12 - 2014-03-08 17:12 - 00027699 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-08 17:10 - 2014-03-08 17:12 - 00000000 ____D () C:\FRST 2014-03-08 17:07 - 2014-03-08 17:08 - 01145344 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-07 18:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-07 18:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-07 18:22 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-07 18:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-07 18:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-07 18:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-07 18:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-07 18:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-07 18:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-07 18:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-07 18:22 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-07 18:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-07 18:22 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-07 18:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-07 18:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-07 18:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-07 18:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-07 18:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-07 18:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-07 18:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-07 18:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-07 18:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-07 18:04 - 2014-03-07 18:08 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-03-07 17:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-03-07 17:55 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-03-07 17:55 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-03-07 17:55 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-03-07 17:49 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-03-07 17:49 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-03-07 17:49 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:25 - 2014-03-07 13:36 - 00000000 ____D () C:\Windows\pss 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis 2014-02-11 13:50 - 2014-02-11 13:50 - 00679936 _____ (ScreenTime Media) C:\Windows\system32\Wein4243.scr 2014-02-11 13:50 - 2014-02-11 13:50 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Screentime 2014-02-11 13:50 - 2014-02-11 13:50 - 00000000 ____D () C:\ProgramData\Screentime 2014-02-11 13:48 - 2014-02-11 13:49 - 59439069 _____ () C:\Users\IngridSchaaf\Downloads\Weingarten-Die-Berge-2014-PC.exe ==================== One Month Modified Files and Folders ======= 2014-03-08 17:12 - 2014-03-08 17:12 - 00027699 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-08 17:12 - 2014-03-08 17:10 - 00000000 ____D () C:\FRST 2014-03-08 17:08 - 2014-03-08 17:07 - 01145344 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-08 17:06 - 2011-05-06 14:06 - 01932725 _____ () C:\Windows\WindowsUpdate.log 2014-03-08 17:06 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-08 17:06 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-08 17:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-03-08 17:02 - 2011-08-11 12:10 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-03-08 17:01 - 2013-09-30 10:59 - 00020441 _____ () C:\Windows\setupact.log 2014-03-08 16:54 - 2011-08-14 21:28 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\CrashDumps 2014-03-08 16:53 - 2011-05-06 16:03 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Adobe 2014-03-08 09:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-08 07:52 - 2012-02-08 16:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-07 18:22 - 2013-07-12 13:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-07 18:18 - 2011-05-06 14:47 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-07 18:11 - 2011-05-06 14:13 - 01603564 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-07 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-07 18:08 - 2014-03-07 18:04 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-03-07 18:04 - 2013-05-19 08:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-07 18:04 - 2012-10-17 11:52 - 00000000 ____D () C:\ProgramData\Avira 2014-03-07 18:04 - 2012-10-17 11:52 - 00000000 ____D () C:\Program Files\Avira 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 17:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-03-07 17:28 - 2013-07-03 10:27 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Atomic Alarm Clock 6 2014-03-07 17:28 - 2012-08-23 08:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-07 17:28 - 2012-02-20 12:11 - 00000000 ____D () C:\Users\Administrator 2014-03-07 17:28 - 2012-02-02 12:22 - 00000000 ____D () C:\Program Files\Conduit 2014-03-07 17:28 - 2011-12-19 09:53 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-07 17:28 - 2011-05-10 13:57 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-03-07 17:28 - 2011-05-06 16:17 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\IrfanView 2014-03-07 17:28 - 2011-05-06 14:10 - 00000000 ____D () C:\Users\IngridSchaaf 2014-03-07 17:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-03-07 17:27 - 2011-05-06 15:39 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-07 17:25 - 2011-05-06 16:13 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Skype 2014-03-07 17:23 - 2013-12-10 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-07 17:22 - 2012-08-28 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:36 - 2014-03-07 13:25 - 00000000 ____D () C:\Windows\pss 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis 2014-02-22 16:28 - 2013-11-23 13:23 - 00017408 _____ () C:\Users\IngridSchaaf\AppData\Local\WebpageIcons.db 2014-02-11 13:50 - 2014-02-11 13:50 - 00679936 _____ (ScreenTime Media) C:\Windows\system32\Wein4243.scr 2014-02-11 13:50 - 2014-02-11 13:50 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Screentime 2014-02-11 13:50 - 2014-02-11 13:50 - 00000000 ____D () C:\ProgramData\Screentime 2014-02-11 13:49 - 2014-02-11 13:48 - 59439069 _____ () C:\Users\IngridSchaaf\Downloads\Weingarten-Die-Berge-2014-PC.exe 2014-02-06 11:38 - 2014-03-07 18:22 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-03-07 18:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 11:19 - 2014-03-07 18:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-03-07 18:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-03-07 18:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-03-07 18:22 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-03-07 18:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-03-07 18:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-03-07 18:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-03-07 18:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 10:47 - 2014-03-07 18:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-03-07 18:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-03-07 18:22 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-03-07 18:22 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-03-07 18:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-03-07 18:22 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-03-07 18:22 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:03 - 2014-03-07 18:22 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-03-07 18:22 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-03-07 18:22 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 2014-03-07 18:22 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll C:\Users\Administrator\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\IngridSchaaf\AppData\Local\Temp\avgnt.exe C:\Users\IngridSchaaf\AppData\Local\Temp\FileSystemView.dll C:\Users\IngridSchaaf\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\IngridSchaaf\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\IngridSchaaf\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-11 09:45 ==================== End Of Log ============================ ][/CODE] Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2014 01
Ran by IngridSchaaf at 2014-03-08 17:13:33
Running from C:\Users\IngridSchaaf\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version: - Microsoft) Hidden
4shared Desktop (HKLM\...\4shared Desktop) (Version: - )
Acronis*TrueImage (HKLM\...\TrueImage) (Version: - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Edge Animate (HKLM\...\{181241DD-2FC2-4CF9-94CE-97F3E37D6F0B}) (Version: 1.5 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Advanced Registry Care Pro v2.0 (HKLM\...\{6B846EBF-47B3-4D5A-9885-E877FE78E097}_is1) (Version: - PCCareTools Software)
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
Alien Skin Blow Up (HKLM\...\Blow Up) (Version: - )
Alien Skin Exposure (HKLM\...\Exposure) (Version: - )
Alien Skin Eye Candy 5 Impact (HKLM\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM\...\EyeCandy5Textures) (Version: - )
Alien Skin Image Doctor 1.0 (HKLM\...\Image Doctor) (Version: - )
Alien Skin Xenofex 2.0 (HKLM\...\Xenofex2) (Version: - )
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F7E109CA-B38C-2E90-8575-5B003475EE7C}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0927.2225.38375 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (Version: 2011.0927.2225.38375 - Ihr Firmenname) Hidden
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - )
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio Pro (HKLM\...\{E7C5374B-E41F-4634-9A64-7B9FF29089E9}) (Version: 3.0.7 - Ambient Design)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASUS Virtual Camera (HKLM\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus)
Atheros WLAN and Bluetooth Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATK Hotkey (HKLM\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATnotes Version 9.5 (HKLM\...\ATnotes_is1) (Version: 9.5 - Thomas Ascher)
Atomic Alarm Clock 6.12 (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.29 - Avanquest Software)
Avira (HKLM\...\{7b05af00-d234-4cf0-8cc3-1fcb21da2374}) (Version: 1.0.5168.20630 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.0.5168.20630 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bejeweled 2 Deluxe (HKLM\...\Bejeweled 2 Deluxe) (Version: - )
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.1.0.22 - Atheros Communications)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon iP4800 series Benutzerregistrierung (HKLM\...\Canon iP4800 series Benutzerregistrierung) (Version: - )
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version: - )
Catalyst Control Center InstallProxy (Version: 2011.0927.2225.38375 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0927.2225.38375 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (Version: 2011.0927.2225.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2011.0927.2224.38375 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.0927.2225.38375 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Complitly (HKLM\...\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1) (Version: - Complitly) <==== ATTENTION
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
Corel Painter Essentials 4 (HKLM\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version: - Corel Corporation)
Corel Painter Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CrystalDiskInfo 4.1.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 4.1.3 - Crystal Dew World)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dream Aquarium (HKLM\...\DreamAqua) (Version: - )
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.0 - IObit)
ETDWare PS/2-x86 7.0.5.7_WHQL (HKLM\...\Elantech) (Version: - )
ExifCleaner 1.7 (HKLM\...\ExifCleaner) (Version: 1.7 - SuperUtils.com Software)
Exif-Viewer 2.51 (HKLM\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
Filter Forge Freepack 1 - Metals 2.009 (HKLM\...\Filter Forge Freepack 1 - Metals_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.009 (HKLM\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 3 - Frames 2.009 (HKLM\...\Filter Forge Freepack 3 - Frames_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.009 (HKLM\...\Filter Forge Freepack 4 - Distortions_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 5 - Hearts 2.009 (HKLM\...\Filter Forge Freepack 5 - Hearts_is1) (Version: - Filter Forge, Inc.)
Free Audio Converter version 5.0.27.725 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free AVI Video Converter version 5.0.27.725 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Driver Scout (HKLM\...\{0029df54-d174-4986-90b9-efdfcbe9ea3d}) (Version: 1.0.0.64 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.64 - Covus Freemium) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
freenet.de SMS (HKLM\...\freenet.de SMS) (Version: 1.0.11 - freenet.de GmbH)
G-Filter (HKCU\...\{206a7328-437f-4bd9-b53e-12bfee24d588}) (Version: - G-Filter)
G-Force (HKLM\...\G-Force) (Version: 5.0 - SoundSpectrum)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
IB Updater 2.0.0.550 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.550 - IncrediBar) <==== ATTENTION
Icy Tower v1.2 (44kHz) (HKLM\...\Icy Tower_is1) (Version: - Free Lunch Design)
IncrediMail (Version: 6.3.9.5254 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM\...\IncrediMail) (Version: 6.3.9.5254 - IncrediMail Ltd.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KatMouse (remove only) (HKLM\...\KatMouse) (Version: - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Livebrush Mini (HKLM\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou)
Livebrush Mini (Version: 1.5 - MoreMeYou) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Moo0 Font Viewer 1.12 (HKLM\...\Moo0 FontViewer) (Version: - )
MoodTuner (HKLM\...\com.gugga.radiomini) (Version: 1.1 - GUGA EOOD)
MoodTuner (Version: 1.1 - GUGA EOOD) Hidden
Morphyre (HKLM\...\Morphyre) (Version: - )
Mozilla Firefox 25.0.1 (x86 de) (HKLM\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MysticThumbs (HKLM\...\{8E07D32B-162C-4AF3-BCF1-6A8E7FC5772D}) (Version: 1.9.8 - MysticCoder)
NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Nero 8 (HKLM\...\{BE282C23-5484-47FF-B2C1-EBEA5C891031}) (Version: 8.3.29 - Nero AG)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Mega Plugin Pack (HKLM\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Next Generation Visualisations (HKLM\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
Norton Ghost (HKLM\...\{B0255743-165B-4BD5-8DA8-37DFB9930014}) (Version: 14.0.0.24815 - Symantec Corporation)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Reader (HKCU\...\PDF Reader) (Version: - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Semper Driver Backup (HKLM\...\Semper Driver Backup_is1) (Version: 4.0 - Semper Software)
shopping-preise.de - AddOn für Firefox (HKLM\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - shopping-preise.de)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{0BEB28E4-E5EA-40DE-8982-1F13005DC08B}) (Version: 2.2.25937 - SlimWare Utilities, Inc.)
Sony Ericsson PC Companion 2.02.002 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.02.002 - Sony Ericsson)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
SpeedUpMyPC (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.4.4 - Uniblue Systems Ltd)
SPG-Verein 3.1 (HKLM\...\{6738D11F-DF64-445B-80A4-B6B32F297059}) (Version: 3.1.12 - Software Peter Große)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
StudioLine Photo Classic 3 SE (HKLM\...\{D11B4E36-7AE5-482E-B276-74730A42B55C}) (Version: 3.70.27.0 - H&M System Software)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.77 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.77 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.77 - TuneUp Software) Hidden
Ulead ArtTexture.Plugin 1.0 (HKLM\...\Ulead ArtTexture.Plugin 1.0) (Version: - )
Ulead GIF-X.Plugin 2.0 (HKLM\...\Ulead GIF-X.Plugin 2.0) (Version: - )
Ulead Particle.Plugin 1.0 (HKLM\...\Ulead Particle.Plugin 1.0) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB 2.0 UVC 1.3M WebCam (HKLM\...\USB 2.0 UVC 1.3M WebCam) (Version: - )
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Weingarten-Die-Berge-2014 Bildschirmschoner (HKLM\...\Weingarten-Die-Berge-2014) (Version: - )
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.6.4 - Shark007)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Winter 3D Screensaver 1.0 (HKLM\...\Winter 3D Screensaver_is1) (Version: - )
Winter Dreams Screensaver (HKLM\...\Winter Dreams Screensaver) (Version: - )
WOT für Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
Xara3D 5 (HKLM\...\Xara3D5) (Version: - )
XnView 2.05 (HKLM\...\XnView_is1) (Version: 2.05 - Gougelet Pierre-e)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
==================== Restore Points =========================
12-02-2014 17:09:12 Windows Update
18-02-2014 07:41:57 Windows Update
25-02-2014 06:34:25 Windows Update
04-03-2014 06:56:15 Windows Update
05-03-2014 16:13:15 Wiederherstellungsvorgang
05-03-2014 16:27:32 Windows Update
07-03-2014 13:08:41 Installed Sophos Virus Removal Tool.
07-03-2014 16:01:33 Wiederherstellungsvorgang
07-03-2014 16:49:32 Windows Update
07-03-2014 17:09:57 Windows Update
08-03-2014 06:57:22 Installed Sophos Virus Removal Tool.
==================== Hosts content: ==========================
2009-07-14 03:04 - 2011-05-10 13:56 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {02E27E64-87D9-4D2F-8286-1C3A11A03286} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)
Task: {132C2ADF-6972-47B8-9080-15188152DEE0} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-06-09] ()
Task: {542E36A4-6687-4415-9E91-35855E531E4C} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {6CE1A244-2306-49DF-90C5-88C2A0EA7164} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {72949402-6180-441A-8556-65FF6694E5FB} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {87F057A2-79CF-423F-9E65-815E84352719} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-01] (Adobe Systems Incorporated)
Task: {A3331ED6-B094-44FE-805C-4028188C4B12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)
Task: {B3358D5D-0507-4F44-A1CE-C23313EA9652} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {C961C680-9A29-4FAE-8B39-DFE96581607D} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] ()
Task: {DAE924D3-490B-4DD3-B97C-76884E11F7FE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {E69FEC30-EF54-4C84-A9F4-F61D72EC9137} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {E96CCF2A-1FA1-43D4-B1E6-033D1F8A0871} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe [2013-05-10] ()
Task: {ECFDCC95-2110-4878-9C8A-A9AD25D22802} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {FAA0F4EC-B266-44E9-8E27-3B3422C1393E} - System32\Tasks\{F2A7C4C8-13F4-4B95-90C8-77BB71D4E242} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Scan.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\EPUpdater.job => C:\Users\INGRID~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef68c9ab96785.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files\Moo0\FontViewer 1.12\FontViewer.exe
Task: C:\Windows\Tasks\Software Updater.job => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job => C:\Program Files\TuneUp Utilities 2012\OneClick.exe
==================== Loaded Modules (whitelisted) =============
2012-10-17 11:52 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 22:09 - 2011-09-27 22:09 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-07-03 10:27 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2012-12-22 10:22 - 2012-11-20 15:09 - 00188760 _____ () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
2010-05-06 13:40 - 2010-05-06 13:40 - 00071096 _____ () C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe
2013-07-03 10:23 - 2013-07-04 14:56 - 00070656 _____ () C:\Windows\system32\ntshruid.exe
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2012-08-28 13:45 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-02-24 11:29 - 2014-02-24 11:29 - 00111696 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-02-24 11:29 - 2014-02-24 11:29 - 00061520 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2007-06-22 15:48 - 2007-06-22 15:48 - 00044032 _____ () C:\Program Files\KatMouse\KatMouseS.dll
2013-07-03 10:27 - 2013-06-07 02:06 - 01147392 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2012-03-05 21:45 - 2000-01-01 01:00 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2012-03-05 21:45 - 2000-01-01 01:00 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-03-05 21:45 - 2000-01-01 01:00 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2014-03-07 18:04 - 2014-02-24 11:29 - 00049744 _____ () C:\Users\IngridSchaaf\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-01-25 10:01 - 2013-01-25 10:01 - 00033272 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2013-01-25 10:01 - 2013-01-25 10:01 - 00072256 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2013-01-25 10:01 - 2013-01-25 10:01 - 00268864 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2012-11-18 17:29 - 2012-11-18 17:29 - 00108448 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll
2013-01-25 10:01 - 2013-01-25 10:01 - 00133696 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2013-01-12 12:16 - 2012-08-03 13:29 - 00042904 _____ () C:\Program Files\Ashampoo\Ashampoo Snap 5\MouseHook.dll
2007-05-30 13:14 - 2007-05-30 13:14 - 00050688 _____ () C:\Program Files\KatMouse\KatMouse.exe
2008-12-30 17:23 - 2008-12-30 17:23 - 00214528 _____ () C:\Program Files\KatMouse\KatMouseH.dll
2011-09-27 22:08 - 2011-09-27 22:08 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-27 22:23 - 2011-09-27 22:23 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-25 10:01 - 2013-01-25 10:01 - 00080448 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll
2011-11-03 10:35 - 2011-11-03 10:35 - 01294368 _____ () C:\Program Files\WOT\WOT.dll
2012-05-30 06:24 - 2012-11-20 15:09 - 00170840 _____ () C:\Program Files\Web Assistant\Extension32.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:CDEBE8F6
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2014 04:52:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.3.0, Zeitstempel: 0x47c6bd1b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x27172717
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xNMIndexStoreSvr.exe0
Pfad der fehlerhaften Anwendung: NMIndexStoreSvr.exe1
Pfad des fehlerhaften Moduls: NMIndexStoreSvr.exe2
Berichtskennung: NMIndexStoreSvr.exe3
Error: (03/07/2014 11:19:30 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 06:03:08 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 06:01:37 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 05:58:52 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 05:57:25 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 05:42:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SystemStore.exe, Version: 2.0.0.34, Zeitstempel: 0x517fdb4f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xSystemStore.exe0
Pfad der fehlerhaften Anwendung: SystemStore.exe1
Pfad des fehlerhaften Moduls: SystemStore.exe2
Berichtskennung: SystemStore.exe3
Error: (03/07/2014 05:42:28 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error: (03/07/2014 05:31:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SystemStore.exe, Version: 2.0.0.34, Zeitstempel: 0x517fdb4f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xSystemStore.exe0
Pfad der fehlerhaften Anwendung: SystemStore.exe1
Pfad des fehlerhaften Moduls: SystemStore.exe2
Berichtskennung: SystemStore.exe3
Error: (03/07/2014 05:31:08 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
System errors:
=============
Error: (03/08/2014 05:05:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069
Error: (03/08/2014 05:05:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069
Error: (03/08/2014 05:05:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069
Error: (03/08/2014 05:05:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069
Error: (03/08/2014 05:05:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069
Error: (03/08/2014 05:05:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140995069
Error: (03/08/2014 05:05:02 PM) (Source: PNRPSvc) (User: )
Description: 0x80630203
Error: (03/08/2014 05:05:01 PM) (Source: PNRPSvc) (User: )
Description: 0x80630203
Error: (03/08/2014 05:05:01 PM) (Source: PNRPSvc) (User: )
Description: 0x80630203
Error: (03/08/2014 05:05:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140995069
Microsoft Office Sessions:
=========================
Error: (01/25/2014 00:15:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 86 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/16/2013 11:06:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 788 seconds with 120 seconds of active time. This session ended with a crash.
Error: (01/31/2013 02:38:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 523 seconds with 480 seconds of active time. This session ended with a crash.
Error: (10/25/2012 09:53:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 43 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/06/2012 11:48:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 117 seconds with 60 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3327.21 MB
Available physical RAM: 1958.13 MB
Total Pagefile: 6652.71 MB
Available Pagefile: 4617.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:163.6 GB) (Free:101.78 GB) NTFS
Drive d: (DATA) (Fixed) (Total:134.39 GB) (Free:65.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D9B3496E)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
09.03.2014, 08:58
| #4 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.03.2014, 10:19
| #5 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, Schrauber, vielen Dank schon einmal für deine echt rasche Antwort. ich wollte Combofix laufen lassen. Hierzu vorab noch eine Mitteilung, was mir nach meiner Systemrücksetzung vom 05.03.2014 aufgefallen war. Ein Schild kam hoch, meine Lizenz von Antivir sei abgelaufen. Man konnte einen Button "erneuern" anklicken, was ich gemacht habe und was wohl falsch war, denn ich habe ja gar keine Bezahlversion. Seit dieser Zeit habe ich folgendes Bild. Hat dieses Bild überhaupt was mit Antivir zu tun?  Ich kann diese Prozesse nicht beenden, auch nicht mit dem Task-Manager, s. Screen:  Von Combofix kam diese Meldung. Ich habe daraufhin Combofix wieder ohne Scan geschlossen:  Was soll ich tun? Soll ich zuerst "Renove Fake Antivirus" herunter laden und ausführen????? Bevor ich etwas mache, warte ich auf deine Antwort. Gruß Schaefchen |
|
10.03.2014, 10:48
| #6 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Deinstalliere einfach Avira.
__________________ --> Ich scheine einen Virus oder Trojaner auf meinem System zu haben! |
|
10.03.2014, 12:31
| #7 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hi Schrauber, hier die Combofix-Text-Datei. Gruß Schaefchen Code:
ATTFilter ComboFix 14-03-05.01 - IngridSchaaf 10.03.2014 12:01:40.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3327.2214 [GMT 1:00]
ausgeführt von:: c:\users\IngridSchaaf\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Complitly
c:\program files\Complitly\InstallHelper.dll
c:\program files\Complitly\InstallHelperNet4.dll
c:\program files\Complitly\Interop.IWshRuntimeLibrary.dll
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\ToolbarUninstall.exe
c:\program files\Complitly\unins000.exe
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\SpeedUpMyPC\cwebpage.dll
c:\program files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files\Uniblue\SpeedUpMyPC\intermediate_views.dat
c:\program files\Uniblue\SpeedUpMyPC\latest_scan_results.xsl
c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
c:\program files\Uniblue\SpeedUpMyPC\library.dat
c:\program files\Uniblue\SpeedUpMyPC\locale\br\br.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\de\de.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\dk\dk.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\en\en.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\es\es.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\fi.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\fr.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\it\it.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\jp\jp.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\nl.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\no\no.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\ru.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\se\se.dll
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest
c:\program files\Uniblue\SpeedUpMyPC\msvcp90.dll
c:\program files\Uniblue\SpeedUpMyPC\msvcr90.dll
c:\program files\Uniblue\SpeedUpMyPC\repair_transform.xsl
c:\program files\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files\Uniblue\SpeedUpMyPC\spnotifier.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt
c:\program files\Uniblue\SpeedUpMyPC\unins000.dat
c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
c:\program files\Uniblue\SpeedUpMyPC\unins000.msg
c:\program files\Uniblue\SpeedUpMyPC\views.dat
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\INGRID~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\IngridSchaaf\4.0
c:\users\IngridSchaaf\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\desktop
c:\windows\system32\Winter 3D Screensaver.htm
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-02-10 bis 2014-03-10 ))))))))))))))))))))))))))))))
.
.
2014-03-10 11:14 . 2014-03-10 11:17 -------- d-----w- c:\users\IngridSchaaf\AppData\Local\temp
2014-03-10 11:14 . 2014-03-10 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-08 16:10 . 2014-03-08 16:15 -------- d-----w- C:\FRST
2014-03-08 06:58 . 2014-03-08 06:58 73728 ----a-r- c:\users\IngridSchaaf\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-08 06:58 . 2014-03-08 06:58 73728 ----a-r- c:\users\IngridSchaaf\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-08 06:58 . 2014-03-08 06:58 73728 ----a-r- c:\users\IngridSchaaf\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-07 17:15 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-07 16:56 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-07 16:56 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-07 16:56 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-03-07 16:55 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-03-07 16:55 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-03-07 16:55 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-03-07 16:55 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-03-07 16:55 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-03-07 16:55 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-03-07 16:49 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-07 16:49 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-07 16:49 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-07 16:49 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-07 16:37 . 2014-03-07 16:37 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-07 13:16 . 2014-03-07 13:16 -------- d-----w- c:\programdata\Sophos
2014-03-07 13:09 . 2014-03-07 13:09 -------- d-----w- c:\program files\Sophos
2014-02-25 18:03 . 2014-02-25 18:03 -------- d-----w- c:\program files\Franzis
2014-02-25 17:58 . 2014-03-05 16:19 -------- d-----w- C:\StudioLine3 Dateien
2014-02-11 12:50 . 2014-02-11 12:50 679936 ----a-w- c:\windows\system32\Wein4243.scr
2014-02-11 12:50 . 2014-02-11 12:50 -------- d-----w- c:\programdata\Screentime
2014-02-11 12:50 . 2014-02-11 12:50 -------- d-----w- c:\users\IngridSchaaf\AppData\Local\Screentime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-03 11:20 . 2011-05-06 13:34 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-01 22:17 . 2012-03-30 17:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-01 22:17 . 2011-05-16 13:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 10:54 . 2013-12-27 10:55 720896 ----a-w- c:\windows\iun6002ev.exe
2013-12-18 20:10 . 2014-01-27 10:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-12 12:09 . 2013-05-07 13:54 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-12 12:09 . 2012-10-17 10:52 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-12 12:09 . 2012-10-17 10:52 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2013-01-25 367168]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 5\ashsnap.exe" [2012-08-03 3400600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-03-08 5625624]
"AtomicAlarmClock6"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2013-06-07 3600896]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2013-12-21 698760]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2000-01-01 2154096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-27 343168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-07 689744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-19 2245984]
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe" [2010-06-07 470176]
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-06-07 289952]
.
c:\users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KatMouse.lnk - c:\program files\KatMouse\KatMouse.exe [2007-5-30 50688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BambooCore"=c:\program files\Bamboo Dock\BambooCore.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Wondershare Helper Compact.exe"=c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R2 SystemStoreService;System Store;c:\program files\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2000-01-01 28672]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-06-07 37224]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-06-07 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-06-07 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-06-07 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-06-07 143080]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-02-16 13024]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-12 1343400]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-27 291840]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-03-07 440400]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-06-07 38560]
S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe [2013-04-24 2007040]
S2 IB Updater;IB Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-11-20 188760]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 prevhpst;TDTCP USB Basisfiltermodul;c:\windows\system32\ntshruid.exe [2013-07-04 70656]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2000-01-01 27760]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-11-20 188760]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2000-01-01 211984]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-06-07 28200]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi32.sys [2009-06-04 14344]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2000-01-01 35968]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2000-01-01 1804400]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 08:02 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:17]
.
2013-09-17 c:\windows\Tasks\Driver Booster Scan.job
- c:\program files\IObit\Driver Booster\Scheduler.exe [2013-09-17 09:12]
.
2013-09-17 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-09-17 09:12]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef68c9ab96785.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 17:09]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 17:09]
.
2013-12-09 c:\windows\Tasks\RunAsStdUser Task.job
- c:\program files\Moo0\FontViewer 1.12\FontViewer.exe [2013-12-09 04:29]
.
2013-12-19 c:\windows\Tasks\Software Updater.job
- c:\program files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-05-10 07:54]
.
2013-07-15 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012.job
- c:\program files\TuneUp Utilities 2012\OneClick.exe [2012-05-29 14:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://maltreff.collie.ch/
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q=
mStart Page = hxxp://search.certified-toolbar.com?si=62606&st=home&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01
mSearch Bar = hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q=
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.psd-tutorials.de/
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=62606&st=chrome&tid=6533&ver=4.3&ts=1375687448211.000005&tguid=62606-6533-1375687448211-57020CC6A49D1259A0BB5B73B9698F01&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-12 09:52; {EB6908C5-1B6D-475E-AB6E-5AD209DEA64E}; c:\program files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E}
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=180aaffa0000000000003e4bd61e8f85&q=
FF - user.js: extensions.BabylonToolbar.id - 180aaffa0000000000003e4bd61e8f85
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15610
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:01
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=120912_cpc_3912_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 180aaffa0000000000003e4bd61e8f85
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15917
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.013:35
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121564&tsp=4960
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3228)
c:\program files\KatMouse\KatMouseS.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Atheros\Bluetooth Suite\AthCopyHook.dll
c:\program files\Elantech\ETDApix.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\StudioLine Photo Classic SE\NMSAccess32.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\PSIService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\IncrediMail\Bin\ImApp.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\System32\msdtc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-10 12:27:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-03-10 11:27
.
Vor Suchlauf: 17 Verzeichnis(se), 110.606.540.800 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 111.977.607.168 Bytes frei
.
- - End Of File - - D12F721A0F67BB169CD706E4DBE5A1FB
A36C5E4F47E84449FF07ED3517B43A31
|
|
11.03.2014, 09:33
| #8 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.03.2014, 16:40
| #9 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, Schrauber, hier kommen die angeforderten Logfiles. Da die Dateien zu schwer waren, musste ich sie zippen und als Anhang verschicken. Gruß Schaefchen |
|
12.03.2014, 12:12
| #10 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.03.2014, 09:42
| #11 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, Schrauber, bitte, entschuldige, dass ich die 5 Logfiles per rar-Datei geschickt hatte. Ich wäre auch nicht auf die Idee gekommen, wenn nicht ein neues Fenster aufgegangen wäre, wo drin stand, dass die Dateien zu groß sind und deshalb nur gezipt geschickt werden können. Auch wusste ich nicht, dass man in mehreren Posts senden kann. Soll ich die 5 Logfiles noch nachschicken? Hier nun die Logfiles, die du angefordert hast: ESET Onlinescanner Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2e1cde6082942243a201898b4b5aac0e
# engine=17443
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-14 02:06:06
# local_time=2014-03-14 03:06:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 10132 260229256 2895 0
# compatibility_mode=5893 16776573 100 94 9964 146437157 0 0
# scanned=77732
# found=0
# cleaned=0
# scan_time=5187
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2e1cde6082942243a201898b4b5aac0e
# engine=17459
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-15 07:38:14
# local_time=2014-03-15 08:38:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 8415 260292384 1163 0
# compatibility_mode=5893 16776573 100 94 69492 146500285 0 0
# scanned=100540
# found=0
# cleaned=0
# scan_time=3600
Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! SUPERAntiSpyware Norton Ghost Malwarebytes Anti-Malware Version 1.75.0.1300 HijackThis 1.99.1 TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) CCleaner ExifCleaner 1.7 Java 7 Update 51 Adobe Flash Player 11.9.900.152 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (AddOn.) Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014 Ran by IngridSchaaf (administrator) on INGRIDSCHAAF-PC on 15-03-2014 09:10:32 Running from C:\Users\IngridSchaaf\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUS) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files\Atheros\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe () C:\Program Files\Atomic Alarm Clock\timeserv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe () C:\Windows\system32\ntshruid.exe () C:\Windows\system32\PSIService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUS) C:\Program Files\asus\ATK Hotkey\HControlUser.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Thomas Ascher) C:\Program Files\ATnotes\ATnotes.exe (ashampoo GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe () C:\Program Files\KatMouse\KatMouse.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2000-01-01] (VIA) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Norton Ghost 14.0] - C:\Program Files\Norton Ghost\Agent\VProTray.exe [2245984 2008-01-19] (Symantec Corporation) HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe [470176 2010-06-07] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe [289952 2010-06-07] (Atheros Commnucations) HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IncrediMail] - C:\Program Files\IncrediMail\bin\IncMail.exe [367168 2013-01-25] (IncrediMail, Ltd.) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [ATnotes.exe] - C:\Program Files\ATnotes\ATnotes.exe [1015808 2005-01-05] (Thomas Ascher) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AshSnap] - C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3400600 2012-08-03] (ashampoo GmbH & Co. KG) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-03-08] (SUPERAntiSpyware) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AtomicAlarmClock6] - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3600896 2013-06-07] (Drive Software Company) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Sony Ericsson PC Companion] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [433872 2011-10-21] (Sony Ericsson) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) Startup: C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk ShortcutTarget: KatMouse.lnk -> C:\Program Files\KatMouse\KatMouse.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://maltreff.collie.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C8C47D51E0ECC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/73.31/uploader2.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default FF Homepage: hxxp://www.psd-tutorials.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-4.9 - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com [2014-02-22] FF Extension: 4shared Desktop Plugin - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\4sharedCopyLinks.xpi [2013-03-14] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10] FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-28] FF HKLM\...\Firefox\Extensions: [{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E}] - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] Chrome: ======= CHR Extension: (Avira Browser Safety) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07] CHR Extension: (Google Wallet) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07] CHR Extension: (Download Protect) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlllpcfnnlcgcciikkgkkkegakkjhjd [2014-03-07] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com) S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-09-27] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) R2 AtherosSvc; C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe [38560 2010-06-07] (Atheros Commnucations) R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG) R2 NMSAccess; C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe [71096 2010-05-06] () R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 prevhpst; C:\Windows\system32\ntshruid.exe [70656 2013-07-04] () R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) R2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1553896 2007-12-20] (Symantec) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2000-01-01] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [28672 2000-01-01] (Alcor Micro, Corp.) S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-06-07] (Atheros) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-06-07] (Atheros) R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-06-07] (Atheros) S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-06-07] (Atheros) S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-06-07] (Atheros) S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-06-07] (Atheros) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.) R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2013-09-30] (Atheros Communications, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) R3 MTsensor32; C:\Windows\System32\DRIVERS\PuAcpi32.sys [14344 2009-06-04] () S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-05-20] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-02-16] () R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [26816 2011-11-12] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-09] (TuneUp Software) R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2000-01-01] (VIA Technologies, Inc.) S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation) S3 catchme; \??\C:\Users\INGRID~1\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 08:58 - 2014-03-15 08:58 - 00000698 _____ () C:\Users\IngridSchaaf\Desktop\JRT.txt 2014-03-15 08:43 - 2014-03-15 08:43 - 00987442 _____ () C:\Users\IngridSchaaf\Downloads\SecurityCheck.exe 2014-03-14 13:35 - 2014-03-14 13:35 - 00000000 ____D () C:\Program Files\ESET 2014-03-14 13:34 - 2014-03-14 13:35 - 02347384 _____ (ESET) C:\Users\IngridSchaaf\Downloads\esetsmartinstaller_enu.exe 2014-03-13 17:26 - 2014-03-13 17:26 - 00006036 _____ () C:\Users\IngridSchaaf\Downloads\dünengras_variiert.abr 2014-03-13 13:55 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 13:55 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 13:55 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 13:55 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 13:55 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 13:55 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 13:55 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 13:55 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 13:55 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 13:55 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 13:55 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 13:55 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 13:55 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 13:55 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 13:55 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 13:55 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 13:55 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 13:55 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 13:55 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 13:55 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 13:55 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 13:55 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 13:55 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 13:54 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 13:54 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 13:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 13:54 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-11 13:09 - 2014-03-11 13:09 - 00000000 ____D () C:\Users\IngridSchaaf\Downloads\FRST-OlderVersion 2014-03-11 12:55 - 2014-03-11 12:55 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 12:41 - 2014-03-11 12:47 - 00000000 ____D () C:\AdwCleaner 2014-03-11 12:09 - 2014-03-11 12:09 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-11 12:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-11 12:05 - 2014-03-11 12:05 - 01037734 _____ (Thisisu) C:\Users\IngridSchaaf\Downloads\JRT.exe 2014-03-11 12:04 - 2014-03-11 12:04 - 01949184 _____ () C:\Users\IngridSchaaf\Downloads\adwcleaner.exe 2014-03-11 12:03 - 2014-03-11 12:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IngridSchaaf\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-10 12:27 - 2014-03-10 12:27 - 00029875 _____ () C:\ComboFix.txt 2014-03-10 11:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-10 11:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-10 11:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-09 09:37 - 2014-03-10 12:27 - 00000000 ____D () C:\Qoobox 2014-03-09 09:36 - 2014-03-10 12:24 - 00000000 ____D () C:\Windows\erdnt 2014-03-09 09:23 - 2014-03-09 09:36 - 05187267 ____R (Swearware) C:\Users\IngridSchaaf\Downloads\ComboFix.exe 2014-03-08 17:13 - 2014-03-08 17:15 - 00043614 _____ () C:\Users\IngridSchaaf\Downloads\Addition.txt 2014-03-08 17:12 - 2014-03-15 09:10 - 00022907 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-08 17:10 - 2014-03-15 09:10 - 00000000 ____D () C:\FRST 2014-03-08 17:07 - 2014-03-11 13:09 - 01145856 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-07 18:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-07 17:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-03-07 17:55 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-03-07 17:55 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-03-07 17:55 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-03-07 17:49 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-03-07 17:49 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-03-07 17:49 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:25 - 2014-03-07 13:36 - 00000000 ____D () C:\Windows\pss 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis ==================== One Month Modified Files and Folders ======= 2014-03-15 09:11 - 2014-03-08 17:12 - 00022907 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-15 09:10 - 2014-03-08 17:10 - 00000000 ____D () C:\FRST 2014-03-15 08:58 - 2014-03-15 08:58 - 00000698 _____ () C:\Users\IngridSchaaf\Desktop\JRT.txt 2014-03-15 08:43 - 2014-03-15 08:43 - 00987442 _____ () C:\Users\IngridSchaaf\Downloads\SecurityCheck.exe 2014-03-15 08:30 - 2011-05-06 14:06 - 01371704 _____ () C:\Windows\WindowsUpdate.log 2014-03-15 07:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-15 07:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-15 07:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-03-15 07:25 - 2011-08-11 12:10 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-03-15 07:24 - 2013-09-30 10:59 - 00021841 _____ () C:\Windows\setupact.log 2014-03-15 07:16 - 2011-05-06 14:13 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-14 13:35 - 2014-03-14 13:35 - 00000000 ____D () C:\Program Files\ESET 2014-03-14 13:35 - 2014-03-14 13:34 - 02347384 _____ (ESET) C:\Users\IngridSchaaf\Downloads\esetsmartinstaller_enu.exe 2014-03-14 13:12 - 2011-05-06 16:03 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Adobe 2014-03-13 17:33 - 2011-05-06 16:13 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Skype 2014-03-13 17:26 - 2014-03-13 17:26 - 00006036 _____ () C:\Users\IngridSchaaf\Downloads\dünengras_variiert.abr 2014-03-13 16:02 - 2009-07-14 05:33 - 03844864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 16:00 - 2012-01-28 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 14:07 - 2011-05-10 09:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 13:45 - 2011-08-14 21:28 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\CrashDumps 2014-03-11 13:09 - 2014-03-11 13:09 - 00000000 ____D () C:\Users\IngridSchaaf\Downloads\FRST-OlderVersion 2014-03-11 13:09 - 2014-03-08 17:07 - 01145856 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-11 12:55 - 2014-03-11 12:55 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 12:47 - 2014-03-11 12:41 - 00000000 ____D () C:\AdwCleaner 2014-03-11 12:36 - 2013-10-18 07:57 - 00062818 _____ () C:\Windows\PFRO.log 2014-03-11 12:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help 2014-03-11 12:09 - 2014-03-11 12:09 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-11 12:05 - 2014-03-11 12:05 - 01037734 _____ (Thisisu) C:\Users\IngridSchaaf\Downloads\JRT.exe 2014-03-11 12:04 - 2014-03-11 12:04 - 01949184 _____ () C:\Users\IngridSchaaf\Downloads\adwcleaner.exe 2014-03-11 12:03 - 2014-03-11 12:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IngridSchaaf\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-10 12:27 - 2014-03-10 12:27 - 00029875 _____ () C:\ComboFix.txt 2014-03-10 12:27 - 2014-03-09 09:37 - 00000000 ____D () C:\Qoobox 2014-03-10 12:27 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-03-10 12:27 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-03-10 12:24 - 2014-03-09 09:36 - 00000000 ____D () C:\Windows\erdnt 2014-03-10 12:16 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-03-10 12:13 - 2011-05-06 14:10 - 00000000 ____D () C:\Users\IngridSchaaf 2014-03-10 11:39 - 2013-05-19 08:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-10 11:38 - 2012-10-17 11:52 - 00000000 ____D () C:\ProgramData\Avira 2014-03-10 11:38 - 2012-10-17 11:52 - 00000000 ____D () C:\Program Files\Avira 2014-03-09 09:36 - 2014-03-09 09:23 - 05187267 ____R (Swearware) C:\Users\IngridSchaaf\Downloads\ComboFix.exe 2014-03-08 17:15 - 2014-03-08 17:13 - 00043614 _____ () C:\Users\IngridSchaaf\Downloads\Addition.txt 2014-03-08 09:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-08 07:52 - 2012-02-08 16:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-07 18:22 - 2013-07-12 13:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-07 18:18 - 2011-05-06 14:47 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-07 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 17:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-03-07 17:28 - 2013-07-03 10:27 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Atomic Alarm Clock 6 2014-03-07 17:28 - 2012-08-23 08:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-07 17:28 - 2012-02-20 12:11 - 00000000 ____D () C:\Users\Administrator 2014-03-07 17:28 - 2011-12-19 09:53 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-07 17:28 - 2011-05-10 13:57 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-03-07 17:28 - 2011-05-06 16:17 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\IrfanView 2014-03-07 17:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-03-07 17:27 - 2011-05-06 15:39 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-07 17:23 - 2013-12-10 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-07 17:22 - 2012-08-28 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:36 - 2014-03-07 13:25 - 00000000 ____D () C:\Windows\pss 2014-03-01 05:30 - 2014-03-13 13:55 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:11 - 2014-03-13 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 05:10 - 2014-03-13 13:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 04:52 - 2014-03-13 13:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 04:51 - 2014-03-13 13:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 13:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 04:43 - 2014-03-13 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 13:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 04:40 - 2014-03-13 13:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 04:38 - 2014-03-13 13:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 04:38 - 2014-03-13 13:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 04:37 - 2014-03-13 13:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 04:31 - 2014-03-13 13:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:25 - 2014-03-13 13:55 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:16 - 2014-03-13 13:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:14 - 2014-03-13 13:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:03 - 2014-03-13 13:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 13:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 13:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 03:32 - 2014-03-13 13:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 03:27 - 2014-03-13 13:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:25 - 2014-03-13 13:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis 2014-02-22 16:28 - 2013-11-23 13:23 - 00017408 _____ () C:\Users\IngridSchaaf\AppData\Local\WebpageIcons.db Some content of TEMP: ==================== C:\Users\IngridSchaaf\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-11 09:45 ==================== End Of Log ============================ Es sieht so aus, als wäre jetzt alles in Ordnung. Allerdings habe ich " Malwarebytes Anti-Malware " noch nicht deinstalliert. Ich erhalte nun dauernd folgendes Meldung:  Ist diese Meldung als schlimm zu betrachten, bzw. was kann ich hier tun? Ich schicke samstägliche Grüße Schaefchen |
|
15.03.2014, 17:30
| #12 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Startup: C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk
ShortcutTarget: KatMouse.lnk -> C:\Program Files\KatMouse\KatMouse.exe ()
S2 prevhpst;TDTCP USB Basisfiltermodul;c:\windows\system32\ntshruid.exe [2013-07-04 70656]
c:\windows\system32\ntshruid.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte. Komt die Meldung von MBAM noch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.03.2014, 17:59
| #13 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, Schrauber, hier kommt der Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2014
Ran by IngridSchaaf at 2014-03-15 17:41:12 Run:1
Running from C:\Users\IngridSchaaf\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Startup: C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk
ShortcutTarget: KatMouse.lnk -> C:\Program Files\KatMouse\KatMouse.exe ()
S2 prevhpst;TDTCP USB Basisfiltermodul;c:\windows\system32\ntshruid.exe [2013-07-04 70656]
c:\windows\system32\ntshruid.exe
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk => Moved successfully.
C:\Program Files\KatMouse\KatMouse.exe => Moved successfully.
prevhpst => Service stopped successfully.
prevhpst => Service deleted successfully.
c:\windows\system32\ntshruid.exe => Moved successfully.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014 Ran by IngridSchaaf (administrator) on INGRIDSCHAAF-PC on 15-03-2014 17:42:15 Running from C:\Users\IngridSchaaf\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (ASUS) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files\Atheros\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe () C:\Program Files\Atomic Alarm Clock\timeserv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe () C:\Windows\system32\PSIService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Program Files\asus\ATK Hotkey\HControlUser.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Thomas Ascher) C:\Program Files\ATnotes\ATnotes.exe (ashampoo GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe () C:\Program Files\KatMouse\KatMouse.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2154096 2000-01-01] (VIA) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Norton Ghost 14.0] - C:\Program Files\Norton Ghost\Agent\VProTray.exe [2245984 2008-01-19] (Symantec Corporation) HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe [470176 2010-06-07] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe [289952 2010-06-07] (Atheros Commnucations) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IncrediMail] - C:\Program Files\IncrediMail\bin\IncMail.exe [367168 2013-01-25] (IncrediMail, Ltd.) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [ATnotes.exe] - C:\Program Files\ATnotes\ATnotes.exe [1015808 2005-01-05] (Thomas Ascher) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AshSnap] - C:\Program Files\Ashampoo\Ashampoo Snap 5\ashsnap.exe [3400600 2012-08-03] (ashampoo GmbH & Co. KG) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-03-08] (SUPERAntiSpyware) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [AtomicAlarmClock6] - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3600896 2013-06-07] (Drive Software Company) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [Sony Ericsson PC Companion] - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [433872 2011-10-21] (Sony Ericsson) HKU\S-1-5-21-45266570-3162269290-2669998526-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://maltreff.collie.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C8C47D51E0ECC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/73.31/uploader2.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default FF Homepage: hxxp://www.psd-tutorials.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-4.9 - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com [2014-02-22] FF Extension: 4shared Desktop Plugin - C:\Users\IngridSchaaf\AppData\Roaming\Mozilla\Firefox\Profiles\zjuun9cj.default\Extensions\4sharedCopyLinks.xpi [2013-03-14] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-10] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10] FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-28] FF HKLM\...\Firefox\Extensions: [{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E}] - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} FF Extension: Download Protect - C:\Program Files\Mozilla Firefox\extensions\{EB6908C5-1B6D-475E-AB6E-5AD209DEA64E} [2014-02-04] Chrome: ======= CHR Extension: (Avira Browser Safety) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07] CHR Extension: (Google Wallet) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07] CHR Extension: (Download Protect) - C:\Users\IngridSchaaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlllpcfnnlcgcciikkgkkkegakkjhjd [2014-03-07] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com) S4 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-09-27] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-07] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) R2 AtherosSvc; C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe [38560 2010-06-07] (Atheros Commnucations) R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG) R2 NMSAccess; C:\Program Files\StudioLine Photo Classic SE\NMSAccess32.exe [71096 2010-05-06] () R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) R2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1553896 2007-12-20] (Symantec) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2000-01-01] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [28672 2000-01-01] (Alcor Micro, Corp.) S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [37224 2010-06-07] (Atheros) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [256360 2010-06-07] (Atheros) R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28200 2010-06-07] (Atheros) S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [177704 2010-06-07] (Atheros) S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [46952 2010-06-07] (Atheros) S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [143080 2010-06-07] (Atheros) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.) R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2013-09-30] (Atheros Communications, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) R3 MTsensor32; C:\Windows\System32\DRIVERS\PuAcpi32.sys [14344 2009-06-04] () S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-05-20] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-02-16] () R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [26816 2011-11-12] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-02-09] (TuneUp Software) R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2000-01-01] (VIA Technologies, Inc.) S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation) S3 catchme; \??\C:\Users\INGRID~1\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 17:04 - 2014-03-15 17:04 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-03-15 17:04 - 2014-03-15 17:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-15 17:00 - 2014-03-15 17:00 - 41945432 _____ (Apple Inc.) C:\Users\IngridSchaaf\Downloads\QuickTimeInstaller.exe 2014-03-15 16:55 - 2014-03-15 16:55 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Skype 2014-03-15 16:55 - 2014-03-15 16:55 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-15 16:54 - 2014-03-15 16:54 - 00362029 _____ () C:\Users\IngridSchaaf\Desktop\sqlite3.dll 2014-03-15 16:52 - 2014-03-15 16:53 - 00000000 ____D () C:\Program Files\PDFCreator 2014-03-15 16:52 - 2014-03-15 16:52 - 00000989 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-15 16:52 - 2014-03-15 16:52 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\pdfforge 2014-03-15 16:52 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX 2014-03-15 16:52 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL 2014-03-15 16:52 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL 2014-03-15 16:13 - 2014-03-15 16:13 - 00488160 _____ () C:\Users\IngridSchaaf\Downloads\Zattoo-5.0.1.exe 2014-03-15 08:58 - 2014-03-15 08:58 - 00000698 _____ () C:\Users\IngridSchaaf\Desktop\JRT.txt 2014-03-15 08:43 - 2014-03-15 08:43 - 00987442 _____ () C:\Users\IngridSchaaf\Downloads\SecurityCheck.exe 2014-03-14 13:34 - 2014-03-14 13:35 - 02347384 _____ (ESET) C:\Users\IngridSchaaf\Downloads\esetsmartinstaller_enu.exe 2014-03-13 17:26 - 2014-03-13 17:26 - 00006036 _____ () C:\Users\IngridSchaaf\Downloads\dünengras_variiert.abr 2014-03-13 13:55 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 13:55 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 13:55 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 13:55 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 13:55 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 13:55 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 13:55 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 13:55 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 13:55 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 13:55 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 13:55 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 13:55 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 13:55 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 13:55 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 13:55 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 13:55 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 13:55 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 13:55 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 13:55 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 13:55 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 13:55 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 13:55 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 13:55 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 13:54 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 13:54 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 13:54 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 13:54 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-11 13:09 - 2014-03-11 13:09 - 00000000 ____D () C:\Users\IngridSchaaf\Downloads\FRST-OlderVersion 2014-03-11 12:55 - 2014-03-11 12:55 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 12:41 - 2014-03-11 12:47 - 00000000 ____D () C:\AdwCleaner 2014-03-11 12:09 - 2014-03-11 12:09 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-11 12:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-11 12:05 - 2014-03-11 12:05 - 01037734 _____ (Thisisu) C:\Users\IngridSchaaf\Downloads\JRT.exe 2014-03-11 12:04 - 2014-03-11 12:04 - 01949184 _____ () C:\Users\IngridSchaaf\Downloads\adwcleaner.exe 2014-03-11 12:03 - 2014-03-11 12:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IngridSchaaf\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-10 12:27 - 2014-03-10 12:27 - 00029875 _____ () C:\ComboFix.txt 2014-03-10 11:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-10 11:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-10 11:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-10 11:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-09 09:37 - 2014-03-10 12:27 - 00000000 ____D () C:\Qoobox 2014-03-09 09:36 - 2014-03-10 12:24 - 00000000 ____D () C:\Windows\erdnt 2014-03-09 09:23 - 2014-03-09 09:36 - 05187267 ____R (Swearware) C:\Users\IngridSchaaf\Downloads\ComboFix.exe 2014-03-08 17:13 - 2014-03-08 17:15 - 00043614 _____ () C:\Users\IngridSchaaf\Downloads\Addition.txt 2014-03-08 17:12 - 2014-03-15 17:42 - 00021925 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-08 17:10 - 2014-03-15 17:42 - 00000000 ____D () C:\FRST 2014-03-08 17:07 - 2014-03-11 13:09 - 01145856 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-07 18:15 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-07 17:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-03-07 17:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-03-07 17:55 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-03-07 17:55 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-03-07 17:55 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-03-07 17:55 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-03-07 17:49 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-03-07 17:49 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-07 17:49 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-03-07 17:49 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:25 - 2014-03-07 13:36 - 00000000 ____D () C:\Windows\pss 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis ==================== One Month Modified Files and Folders ======= 2014-03-15 17:43 - 2014-03-08 17:12 - 00021925 _____ () C:\Users\IngridSchaaf\Downloads\FRST.txt 2014-03-15 17:42 - 2014-03-08 17:10 - 00000000 ____D () C:\FRST 2014-03-15 17:41 - 2011-09-14 17:10 - 00000000 ____D () C:\Program Files\KatMouse 2014-03-15 17:17 - 2011-05-06 14:13 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-15 17:16 - 2011-05-06 14:06 - 01406908 _____ () C:\Windows\WindowsUpdate.log 2014-03-15 17:15 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-15 17:15 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-15 17:14 - 2011-05-06 16:13 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Skype 2014-03-15 17:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-03-15 17:10 - 2011-08-11 12:10 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-03-15 17:09 - 2013-10-18 07:57 - 00063610 _____ () C:\Windows\PFRO.log 2014-03-15 17:09 - 2013-09-30 10:59 - 00022009 _____ () C:\Windows\setupact.log 2014-03-15 17:09 - 2012-03-06 10:25 - 00000000 ____D () C:\Program Files\Defraggler 2014-03-15 17:09 - 2011-05-06 15:42 - 00000000 ____D () C:\Program Files\WinRAR 2014-03-15 17:08 - 2012-03-30 18:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-15 17:08 - 2012-03-30 18:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-15 17:08 - 2011-05-16 14:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-15 17:04 - 2014-03-15 17:04 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-03-15 17:04 - 2014-03-15 17:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-15 17:00 - 2014-03-15 17:00 - 41945432 _____ (Apple Inc.) C:\Users\IngridSchaaf\Downloads\QuickTimeInstaller.exe 2014-03-15 16:59 - 2011-05-06 15:42 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-03-15 16:58 - 2013-10-03 07:59 - 00000937 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-03-15 16:58 - 2011-11-22 15:32 - 00000000 ____D () C:\Program Files\Speccy 2014-03-15 16:55 - 2014-03-15 16:55 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Skype 2014-03-15 16:55 - 2014-03-15 16:55 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-15 16:55 - 2011-05-06 16:13 - 00000000 ___RD () C:\Program Files\Skype 2014-03-15 16:55 - 2011-05-06 16:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-15 16:54 - 2014-03-15 16:54 - 00362029 _____ () C:\Users\IngridSchaaf\Desktop\sqlite3.dll 2014-03-15 16:53 - 2014-03-15 16:52 - 00000000 ____D () C:\Program Files\PDFCreator 2014-03-15 16:52 - 2014-03-15 16:52 - 00000989 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-15 16:52 - 2014-03-15 16:52 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\pdfforge 2014-03-15 16:39 - 2012-08-28 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-03-15 16:35 - 2011-05-06 16:17 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-03-15 16:31 - 2013-11-13 09:27 - 00001863 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-03-15 16:30 - 2011-12-19 09:53 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-15 16:24 - 2013-05-19 08:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-15 16:13 - 2014-03-15 16:13 - 00488160 _____ () C:\Users\IngridSchaaf\Downloads\Zattoo-5.0.1.exe 2014-03-15 16:03 - 2013-11-23 13:23 - 00017408 _____ () C:\Users\IngridSchaaf\AppData\Local\WebpageIcons.db 2014-03-15 16:00 - 2011-08-14 21:28 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\CrashDumps 2014-03-15 15:57 - 2011-05-06 16:03 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Local\Adobe 2014-03-15 08:58 - 2014-03-15 08:58 - 00000698 _____ () C:\Users\IngridSchaaf\Desktop\JRT.txt 2014-03-15 08:43 - 2014-03-15 08:43 - 00987442 _____ () C:\Users\IngridSchaaf\Downloads\SecurityCheck.exe 2014-03-14 13:35 - 2014-03-14 13:34 - 02347384 _____ (ESET) C:\Users\IngridSchaaf\Downloads\esetsmartinstaller_enu.exe 2014-03-13 17:26 - 2014-03-13 17:26 - 00006036 _____ () C:\Users\IngridSchaaf\Downloads\dünengras_variiert.abr 2014-03-13 16:02 - 2009-07-14 05:33 - 03844864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 16:00 - 2012-01-28 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 14:07 - 2011-05-10 09:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-11 13:09 - 2014-03-11 13:09 - 00000000 ____D () C:\Users\IngridSchaaf\Downloads\FRST-OlderVersion 2014-03-11 13:09 - 2014-03-08 17:07 - 01145856 _____ (Farbar) C:\Users\IngridSchaaf\Downloads\FRST.exe 2014-03-11 12:55 - 2014-03-11 12:55 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 12:47 - 2014-03-11 12:41 - 00000000 ____D () C:\AdwCleaner 2014-03-11 12:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help 2014-03-11 12:09 - 2014-03-11 12:09 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-11 12:09 - 2014-03-11 12:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-11 12:05 - 2014-03-11 12:05 - 01037734 _____ (Thisisu) C:\Users\IngridSchaaf\Downloads\JRT.exe 2014-03-11 12:04 - 2014-03-11 12:04 - 01949184 _____ () C:\Users\IngridSchaaf\Downloads\adwcleaner.exe 2014-03-11 12:03 - 2014-03-11 12:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\IngridSchaaf\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-10 12:27 - 2014-03-10 12:27 - 00029875 _____ () C:\ComboFix.txt 2014-03-10 12:27 - 2014-03-09 09:37 - 00000000 ____D () C:\Qoobox 2014-03-10 12:27 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-03-10 12:27 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-03-10 12:24 - 2014-03-09 09:36 - 00000000 ____D () C:\Windows\erdnt 2014-03-10 12:16 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-03-10 12:13 - 2011-05-06 14:10 - 00000000 ____D () C:\Users\IngridSchaaf 2014-03-10 11:38 - 2012-10-17 11:52 - 00000000 ____D () C:\ProgramData\Avira 2014-03-10 11:38 - 2012-10-17 11:52 - 00000000 ____D () C:\Program Files\Avira 2014-03-09 09:36 - 2014-03-09 09:23 - 05187267 ____R (Swearware) C:\Users\IngridSchaaf\Downloads\ComboFix.exe 2014-03-08 17:15 - 2014-03-08 17:13 - 00043614 _____ () C:\Users\IngridSchaaf\Downloads\Addition.txt 2014-03-08 09:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-08 07:58 - 2014-03-08 07:58 - 00003225 _____ () C:\Users\IngridSchaaf\Desktop\Sophos Virus Removal Tool.lnk 2014-03-08 07:56 - 2014-03-08 07:56 - 85311952 _____ (Sophos Limited) C:\Users\IngridSchaaf\Downloads\Sophos Virus Removal Tool.exe 2014-03-08 07:52 - 2012-02-08 16:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-07 18:22 - 2013-07-12 13:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-07 18:18 - 2011-05-06 14:47 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-07 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-07 17:37 - 2014-03-07 17:37 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-07 17:37 - 2014-03-07 17:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-07 17:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-03-07 17:28 - 2013-07-03 10:27 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Atomic Alarm Clock 6 2014-03-07 17:28 - 2012-08-23 08:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-07 17:28 - 2012-02-20 12:11 - 00000000 ____D () C:\Users\Administrator 2014-03-07 17:28 - 2011-05-10 13:57 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-03-07 17:28 - 2011-05-06 16:17 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\IrfanView 2014-03-07 17:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-03-07 17:27 - 2011-05-06 15:39 - 00000000 ____D () C:\Windows\system32\Macromed 2014-03-07 17:23 - 2013-12-10 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-07 14:16 - 2014-03-07 14:16 - 00000000 ____D () C:\ProgramData\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Users\IngridSchaaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-03-07 14:09 - 2014-03-07 14:09 - 00000000 ____D () C:\Program Files\Sophos 2014-03-07 13:36 - 2014-03-07 13:25 - 00000000 ____D () C:\Windows\pss 2014-03-01 05:30 - 2014-03-13 13:55 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:11 - 2014-03-13 13:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 05:10 - 2014-03-13 13:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 04:52 - 2014-03-13 13:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 04:51 - 2014-03-13 13:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 13:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 04:43 - 2014-03-13 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 13:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 04:40 - 2014-03-13 13:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 04:38 - 2014-03-13 13:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 04:38 - 2014-03-13 13:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 04:37 - 2014-03-13 13:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 04:31 - 2014-03-13 13:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 04:25 - 2014-03-13 13:55 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:16 - 2014-03-13 13:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:14 - 2014-03-13 13:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:03 - 2014-03-13 13:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 13:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 13:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 03:32 - 2014-03-13 13:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 03:27 - 2014-03-13 13:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:25 - 2014-03-13 13:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-25 19:03 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Franzis Some content of TEMP: ==================== C:\Users\IngridSchaaf\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-11 09:45 ==================== End Of Log ============================ --- --- --- Die Meldung von MBAM kam heute den ganzen Tag noch. Ob sie jetzt ausbleibt, kann ich jetzt noch nicht sagen, da sie ja nur sporadisch kam. Ich muss zu meinem Leidwesen eingestehen, dass ich wohl heute gedankenlos einen Fehler produziert habe. Ich habe ein paar Programme aktualisiert. Das hätte ich wohl nicht tun dürfen, oder? Du darfst herkommen und mich hauen. Kommt vielleicht doch davon, wenn man über 70 ist. Ist vielleicht aber auch nicht so schlimm ---- hoffe ich!!!!!  Trotzdem einen schönen Samstag-Abend und Grüße Schaefchen |
|
16.03.2014, 17:08
| #14 |
| /// the machine /// TB-Ausbilder | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Nee nicht schlimm TEste mal und berichte wie sich der Rechner verhält.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.03.2014, 20:08
| #15 |
| | Ich scheine einen Virus oder Trojaner auf meinem System zu haben! Hallo, Schrauber, die Meldung von MBAM kommt nun nicht mehr. Manchmal bleiben diverse Fenster nach dem Schließen immer noch auf dem Desktop stehen. Sie sind aber nicht mehr vorhanden, was ich im Task-Manager sehen kann. Es dauert dann sehr lange bis die wieder verschwinden. Ansonsten kann ich nichts Negatives berichten. Muss ich sonst noch etwas tun? Ich schicke Grüße Schaefchen |
|
| Themen zu Ich scheine einen Virus oder Trojaner auf meinem System zu haben! |
| antivir, bestimmte, bestimmten, gespeichert, google, guten, hängen, jahre, nicht mehr, ordner, registry, removal, scan, schei, seite, sophos, starte, startseite, super, system, tool, trojaner, unbekannter, virus, volume, volumen |
Linear-Darstellung
