| |
| |||||||
Log-Analyse und Auswertung: PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekanntWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.03.2014, 03:34
| #1 |
| |  PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hallo, Wie bereits in der Überschrift erwähnt, spielt mein PC seit zwei Tagen nachts die Tonspur von Werbespots ab. Während dies geschieht ist kein Fenster oder Tab in meinem Internetbrowser (Firefox 27) geöffnet, in dem ein Webefilm abläuft. Ich würde nun wirklich gerne wissen, mit welchem Wurm/Virus/Trojaner diese merkwürdigen und auch leicht unheimlichen (vor allem mitten in der Nacht) Vorkommnisse im Zusammenhang stehen. Ein Scann mit Avira Free Antivirus zeigt mir nämlich "0 Funde" an, was allerdings nicht bedeutet, dass mein PC sich nicht doch irgendwie etwas eingefangen hat. Ich habe den PC auch nochmals mit HighjackThis gescannt. Das Logfile poste ich weiter unten. Da ich leider nicht sonderlich viel Ahnung von Computern habe, hoffe ich jemand in diesem Forum kann mir irgendwie weiterhelfen. Danke im Voraus. PS: Wäre es sinnvoll, falls ein Neuaufsetzen des Betriebssystem nötig sein sollte, ein Linux basiertes Betriebssystem auszuwählen? Ich habe gelesen, dass dafür im Netz angeblich kaum Viren rumschwirren sollen. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 03:02:15, on 29.03.2014 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16540) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\fsc-reg\fscreg.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\system32\conime.exe C:\Users\Sandra\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe O1 - Hosts: ::1 localhost O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [recinfo518] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20110608 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files\SoftDenchi\UCManSvc.exe -- End of file - 9842 bytes |
|
29.03.2014, 07:28
| #2 |
| /// the machine /// TB-Ausbilder    | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
29.03.2014, 17:55
| #3 | |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hi,
__________________danke für die Info, sorry. Hier nochmal das Logfile von HighjackThis. Weiter unten folgen die Logfiles FRST.txt und ADDITION.txt. Leider habe ich es nicht geschafft weitere mit GMER zu erstellen weil Aivra Free Antivirus mich den Virenscanner abschalten lässt. [CODE] HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:12:25, on 29.03.2014 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16540) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\fsc-reg\fscreg.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\system32\conime.exe C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe C:\Users\Sandra\AppData\Local\Temp\OCS\ocs_v71a.exe C:\Users\Sandra\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe O1 - Hosts: ::1 localhost O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [recinfo518] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20110608 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files\SoftDenchi\UCManSvc.exe -- End of file - 8442 bytes FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Sandra (administrator) on GREYGROVES-PC on 29-03-2014 06:25:08
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IR_SERVER] - C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [BitTorrent] - "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {35120929-95dd-11e0-a2f4-00030d7ba2a3} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {DDF40AA0-165A-41B9-B2F8-439648D6642E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=337B8A12-C019-43BD-94E6-76431D8802C0&apn_sauid=02853706-2902-47A9-AF0E-9B91B1AD271F
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: BrowserProtect - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\browserprotect@browserprotect.com.xpi [2011-06-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
Chrome:
=======
CHR HomePage: hxxp://www.google.com
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Sandra at 2014-03-29 06:26:20
Running from C:\Users\Sandra\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Avira (Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Citrix Presentation Server Client - Nur Web (HKLM\...\{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}) (Version: 10.150.58643 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
DVBT Driver (Version: 1.1.3.1 - ) Hidden
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Freemake Video Converter Version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Juniper Networks Network Connect 7.2.0 (HKLM\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.7.38707 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
sdrt(5.0, 32bit) (HKLM\...\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - Paltiosoft Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
咎狗の血 (HKLM\...\{F004C3DF-05BA-48AA-98E4-22A7F686AD1F}) (Version: - )
==================== Restore Points =========================
11-03-2014 19:00:37 Windows Update
18-03-2014 15:39:34 Windows Update
18-03-2014 19:00:31 Windows Update
20-03-2014 10:26:24 Geplanter Prüfpunkt
21-03-2014 19:38:50 Geplanter Prüfpunkt
24-03-2014 15:43:36 Geplanter Prüfpunkt
25-03-2014 17:00:43 Windows Update
25-03-2014 17:10:09 Sony Ericsson PC Suite Drivers
26-03-2014 16:51:45 Geplanter Prüfpunkt
29-03-2014 00:57:21 削除済み sweet pool
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25D733D0-33FF-41FB-8FE8-B898F5C682AA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4048BD3F-4ED3-4756-84E8-4C1A1D8A8BFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {75754DEC-EC39-48FB-AA43-E7213F3FBDB4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D2DFE275-B841-477D-922E-73FA68D25E21} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D7F9574A-B2F8-464F-A84B-D94C6A614A3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-06-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-11 07:57 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-06-04 14:20 - 2007-06-04 14:20 - 00065536 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2007-08-27 09:54 - 2007-08-27 09:54 - 00155648 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWUpdater\0.18\FSCWUpdater.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00176128 _____ () C:\Windows\assembly\GAC_MSIL\FSCWCOM\1.0.0.0__8a33c55e43c2707f\FSCWCOM.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 05881856 _____ () C:\Windows\assembly\GAC_MSIL\FSCWorld\6.0.6000.0__8a33c55e43c2707f\FSCWorld.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00040960 _____ () C:\Windows\assembly\GAC_MSIL\iFSCWTransfer\1.0.0.0__8a33c55e43c2707f\iFSCWTransfer.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00111696 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00061520 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-11 07:59 - 2014-03-14 12:46 - 00049744 _____ () C:\Users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-11-16 18:17 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-11-16 18:17 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-04-19 10:32 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2012-11-16 18:17 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2013-01-09 12:11 - 2013-01-09 12:11 - 00599040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-09-12 21:09 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2011-06-10 07:14 - 2009-04-10 22:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-08-02 22:56 - 2008-11-26 15:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2013-08-02 22:56 - 2008-10-22 15:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2012-11-16 18:17 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-01-17 15:19 - 2011-06-07 21:08 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-02-15 10:54 - 2014-02-15 10:54 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Sandra\Documents\The Chemical Brothers - Swoon.mp4:TOC.WMV
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.10.2 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 134
Anfangszeit: 01cf4b0e097829d5
Zeitpunkt der Beendigung: 56
Error: (03/29/2014 01:57:13 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}
Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/25/2014 04:41:56 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13d0
Anfangszeit: 01cf4753151b39cc
Zeitpunkt der Beendigung: 1174
Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc) (User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)
System errors:
=============
Error: (03/25/2014 06:11:56 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (03/25/2014 06:07:36 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0%%1053
Error: (03/25/2014 06:07:35 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 4.0.0.0
Error: (03/25/2014 04:43:30 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (03/18/2014 03:26:35 PM) (Source: Service Control Manager) (User: )
Description: Avira Service Host1100001Neustart des Diensts
Error: (03/13/2014 06:54:10 PM) (Source: Service Control Manager) (User: )
Description: 30000UCManSvc
Error: (03/09/2014 07:40:56 PM) (Source: Service Control Manager) (User: )
Description: UCManSvc
Error: (03/09/2014 06:59:43 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (02/21/2014 10:58:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman
Error: (02/21/2014 10:57:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc
Microsoft Office Sessions:
=========================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.10.213401cf4b0e097829d556
Error: (03/29/2014 01:57:13 AM) (Source: VSS)(User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}
Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE
Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP
Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK
Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK
Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK
Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK
Error: (03/25/2014 04:41:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.515613d001cf4753151b39cc1174
Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc)(User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)
CodeIntegrity Errors:
===================================
Date: 2012-12-03 23:13:47.935
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:47.143
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:32.788
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:31.958
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:27.512
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:26.560
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:25.719
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:24.628
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:23.627
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-03 23:13:22.743
Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 72%
Total physical RAM: 2037.7 MB
Available physical RAM: 555.83 MB
Total Pagefile: 4316.41 MB
Available Pagefile: 2498.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.46 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:148.59 GB) (Free:44.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:36.2 GB) (Free:29.29 GB) NTFS
Drive f: (Volume) (Fixed) (Total:36.09 GB) (Free:16.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 95CF9DF0)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=36 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=36 GB) - (Type=OF Extended)
==================== End Of Log ============================
--- --- --- Ups, ich meinte natürlich, ich konnte keine weiteren Logfiles mit GMER erstellen, weil Avira mich den Virenscanner NICHT abschalten lässt. Zitat:
|
|
30.03.2014, 07:41
| #4 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.04.2014, 04:37
| #5 |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hi, ich habe den Scan mit Combofix durchgeführt. Zunächst hatte ich jedoch folgende Meldung erhalten : Current date is 2014-04 02. Combofiy has expired click 'Yes' to run in reduced functioning mode. Click 'No' to exit. Um den Scanprozess zu beginnen blieb mir nichts anderes als mit 'Yes' zu bestätigen. Ich hoffe, dass das keine negativen Auswirkungen hatte. Hier also das Logfile: Code:
ATTFilter ComboFix 14-03-24.01 - Sandra 02.04.2014 18:14:24.1.2 - x86
Running from: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-03-02 to 2014-04-02 )))))))))))))))))))))))))))))))
.
.
2014-04-01 18:55 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CE67F4D-C422-4EC7-8425-4C338C444409}\mpengine.dll
2014-03-29 05:19 . 2014-03-29 05:29 -------- d-----w- C:\FRST
2014-03-18 01:34 . 2014-03-18 01:35 -------- d-----w- c:\users\Sandra\dwhelper
2014-03-17 19:01 . 2014-03-17 19:01 -------- d-----w- c:\users\Sandra\AppData\Local\Skype
2014-03-17 19:01 . 2014-03-17 19:01 -------- d-----w- c:\program files\Common Files\Skype
2014-03-12 10:57 . 2014-03-18 11:55 -------- d-----w- C:\OETemp
2014-03-11 17:45 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 07:05 . 2014-03-11 07:05 -------- d-----w- c:\users\Sandra\AppData\Roaming\Avira
2014-03-11 06:57 . 2014-02-25 10:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-11 06:57 . 2014-02-25 10:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-03-11 06:57 . 2014-02-25 10:41 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-03-11 06:54 . 2014-03-31 17:58 -------- d-----w- c:\program files\Avira
2014-03-11 06:54 . 2014-03-31 17:56 -------- d-----w- c:\programdata\Package Cache
2014-03-09 19:20 . 2014-03-09 19:20 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-03-09 18:55 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2014-03-09 18:53 . 2014-03-09 18:54 -------- d--h--w- c:\windows\msdownld.tmp
2014-03-09 18:44 . 2014-03-20 23:21 -------- d-----w- c:\users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-09 18:40 . 2014-03-09 18:46 -------- d-----w- c:\programdata\Paltiosoft
2014-03-09 18:40 . 2014-03-09 18:40 -------- d-----w- c:\windows\ucharge
2014-03-09 18:40 . 2014-03-09 20:34 -------- d-----w- c:\program files\SoftDenchi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 03:19 . 2012-06-14 01:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 03:19 . 2011-06-08 18:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 05:40 . 2014-03-11 19:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-23 05:37 . 2014-03-11 19:04 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 06:23 . 2014-02-14 06:23 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-02-07 10:38 . 2014-03-11 17:45 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-01-30 07:46 . 2014-03-11 17:45 876032 ----a-w- c:\windows\system32\wer.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 4399104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"recinfo518"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-25 173136]
.
c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-16 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-9-12 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35120929-95dd-11e0-a2f4-00030d7ba2a3}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a94ad7f-a7be-11e3-879b-00030d7ba2a3}]
\shell\AutoRun\command - G:\install.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3}]
\shell\AutoRun\command - G:\Startme.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 03:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-04-02 18:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\SoftDenchi\UCManSvc.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2014-04-02 18:30:13 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-02 16:30
.
Pre-Run: 23 Verzeichnis(se), 48.295.677.952 Bytes frei
Post-Run: 27 Verzeichnis(se), 49.830.383.616 Bytes frei
.
- - End Of File - - A9729A4041989D533EB9BAC579F53070
5C616939100B85E558DA92B899A0FC36
|
|
03.04.2014, 12:20
| #6 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt passt  Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt |
|
04.04.2014, 18:33
| #7 |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hi, hier also die Logfiles zu den oben angegebenen Programmen. Alle schienen normal zu laufen, bis auf JTR. Hier hatte ich zunächst kein Logfile erhalten! Ich habe danach aber noch ein zweites Mal mit JTR gescannt und so endlich doch noch ein Logfile erhalten. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 04.04.2014 Scan Time: 17:13:15 Logfile: mbam.txt Administrator: Yes Version: 2.00.0.1000 Malware Database: v2014.04.04.03 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: Sandra Scan Type: Threat Scan Result: Completed Objects Scanned: 231816 Time Elapsed: 29 min, 28 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [20e056aa8f714bb55929f64bee14a759], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [1de3d32de0202bd58102f64bdf2339c7], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , [5ca457a9f907a45c0e5ba3cb03ff5ca4], PUP.Optional.Iminent.A, HKU\S-1-5-21-1905741696-764202892-769940338-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [6f91ca3689773ec2fe6c244aab57ed13], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy, , [42be12eec937f30df6f0a5ae4eb452ae], PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy\E41F76A6074B4B798F5E84723E395E52, , [42be12eec937f30df6f0a5ae4eb452ae], Files: 3 PUP.Optional.OpenCandy, C:\Users\Sandra\Downloads\DTLite4481-0347.exe, , [17e940c0e8184fb11d0ddc5b8b796b95], PUP.Optional.Conduit.A, C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\conduit-search.xml, , [2bd5f40c9e6214ec79c0174b679b08f8], PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy\E41F76A6074B4B798F5E84723E395E52\TuneUpUtilities2013_2200218_de-DE.exe, , [42be12eec937f30df6f0a5ae4eb452ae], Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 18:06:23
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Sandra - GREYGROVES-PC
# Gestartet von : F:\adwcleaner.exe
# Option : Loschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Geloscht : C:\ProgramData\boost_interprocess
Ordner Geloscht : C:\Windows\system32\SearchProtect
Ordner Geloscht : C:\Users\Sandra\AppData\Roaming\dvdvideosoftiehelpers
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\browserprotect@browserprotect.com.xpi
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\11-suche.xml
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\Askcom.xml
Datei Geloscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
***** [ Verknupfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Geloscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlussel Geloscht : HKCU\Software\OCS
Schlussel Geloscht : HKCU\Software\Softonic
Schlussel Geloscht : HKCU\Software\YahooPartnerToolbar
Schlussel Geloscht : HKLM\Software\Trymedia Systems
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlussel Geloscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlussel Geloscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16540
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7220 octets] - [04/04/2014 17:47:30]
AdwCleaner[S0].txt - [7147 octets] - [04/04/2014 18:06:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7207 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sandra on 04.04.2014 at 19:03:02,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DDF40AA0-165A-41B9-B2F8-439648D6642E}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\0qi1b2e2.default\minidumps [420 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 19:13:14,82
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Sandra (administrator) on GREYGROVES-PC on 04-04-2014 18:40:18 Running from C:\Users\Sandra\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe (Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\system32\sdclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-14] (Realtek Semiconductor) HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.) HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers) HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {35120929-95dd-11e0-a2f4-00030d7ba2a3} - G:\LaunchU3.exe -a HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {DDF40AA0-165A-41B9-B2F8-439648D6642E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=337B8A12-C019-43BD-94E6-76431D8802C0&apn_sauid=02853706-2902-47A9-AF0E-9B91B1AD271F BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.google.com FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13] FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06] FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08] FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-03-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll No File CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09] CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09] CHR Extension: (Google-Suche) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09] CHR Extension: (Google Mail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks) R2 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) R2 UCManSvc; C:\Program Files\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X] S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-09] (Disc Soft Ltd) S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation) S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-14] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 moufiltr; system32\DRIVERS\moufiltr.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 vhidmini; system32\DRIVERS\walvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 17:47 - 2014-04-04 18:06 - 00000000 ____D () C:\AdwCleaner 2014-04-04 16:37 - 2014-04-04 18:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-04 16:36 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-04 16:36 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-04 16:36 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt 2014-04-02 18:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-02 18:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-02 18:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-02 18:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-02 18:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-02 18:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-02 18:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-02 18:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log 2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe 2014-04-02 16:27 - 2014-04-03 03:15 - 00000000 ____D () C:\Qoobox 2014-04-02 16:27 - 2014-04-02 18:27 - 00000000 ____D () C:\Windows\erdnt 2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe 2014-03-31 20:11 - 2014-03-31 20:12 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe 2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 07:21 - 2014-03-29 07:29 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt 2014-03-29 07:19 - 2014-04-04 18:40 - 00018574 _____ () C:\Users\Sandra\Downloads\FRST.txt 2014-03-29 07:19 - 2014-04-04 18:40 - 00000000 ____D () C:\FRST 2014-03-29 06:23 - 2014-04-02 15:44 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log 2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable 2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe 2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe 2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe 2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log 2014-03-29 02:46 - 2014-03-29 02:47 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe 2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe 2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe 2014-03-28 21:01 - 2013-11-20 09:22 - 00031465 _____ () C:\Users\Sandra\Downloads\The Walking Dead - 4x01 - 30 Days Without an Accident.HDTV.x264-ASAP.en.srt 2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip 2014-03-18 03:34 - 2014-03-18 03:35 - 00000000 ____D () C:\Users\Sandra\dwhelper 2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype 2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub 2014-03-11 21:04 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-11 21:04 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-11 21:04 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-11 21:04 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-11 21:04 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-11 21:04 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-11 21:04 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-11 21:04 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-11 21:04 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-11 21:04 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-11 21:04 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-11 21:04 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-11 21:04 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-11 21:04 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-11 21:04 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-11 21:04 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-11 19:45 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-11 19:45 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-11 19:45 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-11 19:45 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira 2014-03-11 08:57 - 2014-02-25 12:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-11 08:57 - 2014-02-25 12:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-11 08:57 - 2014-02-25 12:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-11 08:57 - 2014-02-25 12:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-03-11 08:54 - 2014-03-31 19:58 - 00000000 ____D () C:\Program Files\Avira 2014-03-11 08:54 - 2014-03-31 19:56 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe 2014-03-10 02:30 - 2012-07-21 13:19 - 00000000 ____D () C:\Users\Sandra\Downloads\TNC English Patch (1.0) 2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar 2014-03-09 21:27 - 2005-02-24 17:04 - 00002581 _____ () C:\Program Files\system.pak 2014-03-09 21:27 - 2005-02-24 16:20 - 00939028 _____ () C:\Program Files\script.pak 2014-03-09 21:27 - 2005-02-24 16:20 - 00034088 _____ () C:\Program Files\0cg.pak 2014-03-09 21:20 - 2014-03-09 21:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-03-09 20:56 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-03-09 20:56 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-03-09 20:56 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-03-09 20:56 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-03-09 20:56 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-03-09 20:56 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-03-09 20:56 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-03-09 20:56 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-03-09 20:56 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2014-03-09 20:56 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2014-03-09 20:56 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2014-03-09 20:56 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2014-03-09 20:56 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2014-03-09 20:56 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2014-03-09 20:56 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2014-03-09 20:56 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2014-03-09 20:56 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2014-03-09 20:56 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-03-09 20:56 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-03-09 20:56 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2014-03-09 20:56 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2014-03-09 20:56 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2014-03-09 20:56 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2014-03-09 20:56 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2014-03-09 20:56 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2014-03-09 20:56 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2014-03-09 20:56 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2014-03-09 20:56 - 2008-10-10 05:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2014-03-09 20:56 - 2008-10-10 05:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2014-03-09 20:56 - 2008-10-10 05:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2014-03-09 20:56 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2014-03-09 20:56 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2014-03-09 20:56 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2014-03-09 20:56 - 2008-07-10 12:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-03-09 20:56 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-03-09 20:56 - 2008-07-10 12:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-03-09 20:56 - 2008-05-30 15:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2014-03-09 20:56 - 2008-05-30 15:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2014-03-09 20:56 - 2008-05-30 15:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2014-03-09 20:56 - 2008-05-30 15:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2014-03-09 20:56 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2014-03-09 20:56 - 2008-05-30 15:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2014-03-09 20:56 - 2008-05-30 15:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2014-03-09 20:56 - 2008-03-05 17:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2014-03-09 20:56 - 2008-03-05 17:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2014-03-09 20:56 - 2008-03-05 17:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2014-03-09 20:56 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2014-03-09 20:56 - 2008-03-05 16:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2014-03-09 20:56 - 2008-02-06 00:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2014-03-09 20:56 - 2007-10-22 04:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2014-03-09 20:56 - 2007-10-22 04:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2014-03-09 20:56 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2014-03-09 20:56 - 2007-10-12 16:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2014-03-09 20:56 - 2007-10-02 10:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2014-03-09 20:56 - 2007-07-20 01:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2014-03-09 20:56 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2014-03-09 20:56 - 2007-07-19 19:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2014-03-09 20:56 - 2007-07-19 19:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2014-03-09 20:56 - 2007-06-20 21:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2014-03-09 20:56 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2014-03-09 20:56 - 2007-05-16 17:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2014-03-09 20:56 - 2007-05-16 17:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2014-03-09 20:56 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2014-03-09 20:56 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2014-03-09 20:56 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2014-03-09 20:56 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2014-03-09 20:56 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-03-09 20:56 - 2007-01-24 16:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-03-09 20:56 - 2006-12-08 13:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-03-09 20:56 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-03-09 20:56 - 2006-11-29 14:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-03-09 20:56 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-03-09 20:56 - 2006-09-28 17:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-03-09 20:56 - 2006-07-28 10:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-03-09 20:56 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-03-09 20:56 - 2006-05-31 08:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-03-09 20:56 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-03-09 20:56 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-03-09 20:55 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-03-09 20:55 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-03-09 20:55 - 2006-02-03 09:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-03-09 20:55 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-03-09 20:55 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-03-09 20:55 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-03-09 20:55 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-03-09 20:55 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-03-09 20:55 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-03-09 20:53 - 2014-03-09 20:56 - 00000000 ____D () C:\Windows\system32\directx 2014-03-09 20:53 - 2014-03-09 20:54 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-03-09 20:53 - 2014-03-09 20:53 - 00292184 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\dxwebsetup.exe 2014-03-09 20:44 - 2014-03-21 01:21 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL 2014-03-09 20:40 - 2014-03-09 22:34 - 00000000 ____D () C:\Program Files\SoftDenchi 2014-03-09 20:40 - 2014-03-09 20:46 - 00000000 ____D () C:\ProgramData\Paltiosoft 2014-03-09 20:40 - 2014-03-09 20:40 - 00000000 ____D () C:\Windows\ucharge 2014-03-09 20:39 - 2014-03-09 22:33 - 00000000 ____D () C:\Users\Sandra\Downloads\sdrt5030 2014-03-09 20:36 - 2014-03-09 20:37 - 22319750 _____ () C:\Users\Sandra\Downloads\DMMd - Patches.zip 2014-03-09 20:34 - 2014-03-09 20:34 - 17236171 _____ () C:\Users\Sandra\Downloads\sdrt5030.exe ==================== One Month Modified Files and Folders ======= 2014-04-04 18:40 - 2014-03-29 07:19 - 00018574 _____ () C:\Users\Sandra\Downloads\FRST.txt 2014-04-04 18:40 - 2014-03-29 07:19 - 00000000 ____D () C:\FRST 2014-04-04 18:33 - 2014-04-04 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-04 18:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 18:29 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-04 18:29 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-04 18:28 - 2011-06-07 15:10 - 02007597 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 18:28 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-04 18:19 - 2008-01-31 06:51 - 00321098 _____ () C:\Windows\PFRO.log 2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 18:06 - 2014-04-04 17:47 - 00000000 ____D () C:\AdwCleaner 2014-04-04 17:36 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 17:25 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker 2014-04-04 17:19 - 2012-06-14 03:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-04 16:19 - 2012-05-20 17:37 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype 2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt 2014-04-03 03:15 - 2014-04-02 16:27 - 00000000 ____D () C:\Qoobox 2014-04-03 03:08 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-04-02 18:30 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-02 18:27 - 2014-04-02 16:27 - 00000000 ____D () C:\Windows\erdnt 2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log 2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe 2014-04-02 15:44 - 2014-03-29 06:23 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log 2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe 2014-03-31 20:12 - 2014-03-31 20:11 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe 2014-03-31 19:58 - 2014-03-11 08:54 - 00000000 ____D () C:\Program Files\Avira 2014-03-31 19:56 - 2014-03-11 08:54 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-29 17:52 - 2012-05-02 03:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 07:29 - 2014-03-29 07:21 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt 2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable 2014-03-29 06:23 - 2011-06-07 15:15 - 00000000 ____D () C:\Users\Sandra 2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe 2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe 2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe 2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log 2014-03-29 03:01 - 2014-02-14 07:36 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent 2014-03-29 03:01 - 2012-08-12 14:42 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-03-29 02:58 - 2011-06-07 17:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-29 02:47 - 2014-03-29 02:46 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe 2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe 2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe 2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip 2014-03-26 06:00 - 2011-06-17 09:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc 2014-03-25 19:12 - 2011-11-26 16:50 - 00479222 _____ () C:\Windows\DPINST.LOG 2014-03-21 01:21 - 2014-03-09 20:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL 2014-03-21 01:13 - 2014-02-15 00:06 - 00000000 ____D () C:\Users\Sandra\dramatical muder 2014-03-18 21:07 - 2013-07-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 21:01 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-18 03:35 - 2014-03-18 03:34 - 00000000 ____D () C:\Users\Sandra\dwhelper 2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype 2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ___RD () C:\Program Files\Skype 2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ____D () C:\ProgramData\Skype 2014-03-12 10:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-12 09:42 - 2006-11-02 14:47 - 00348056 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 05:19 - 2012-06-14 03:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 05:19 - 2011-06-08 20:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub 2014-03-11 21:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira 2014-03-11 08:57 - 2012-06-02 11:38 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe 2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar 2014-03-10 00:23 - 2011-06-08 22:49 - 00000000 ____D () C:\Program Files\NitroplusCHiRAL 2014-03-10 00:16 - 2011-06-08 22:34 - 00003299 _____ () C:\Windows\DirectX.log 2014-03-09 22:53 - 2011-06-07 15:16 - 00086816 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-09 22:34 - 2014-03-09 20:40 - 00000000 ____D () C:\Program Files\SoftDenchi 2014-03-09 22:33 - 2014-03-09 20:39 - 00000000 ____D () C:\Users\Sandra\Downloads\sdrt5030 2014-03-09 21:20 - 2014-03-09 21:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-03-09 21:20 - 2014-02-14 08:21 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2014-03-09 20:56 - 2014-03-09 20:53 - 00000000 ____D () C:\Windows\system32\directx 2014-03-09 20:55 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-09 20:54 - 2014-03-09 20:53 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-03-09 20:53 - 2014-03-09 20:53 - 00292184 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\dxwebsetup.exe 2014-03-09 20:46 - 2014-03-09 20:40 - 00000000 ____D () C:\ProgramData\Paltiosoft 2014-03-09 20:40 - 2014-03-09 20:40 - 00000000 ____D () C:\Windows\ucharge 2014-03-09 20:37 - 2014-03-09 20:36 - 22319750 _____ () C:\Users\Sandra\Downloads\DMMd - Patches.zip 2014-03-09 20:34 - 2014-03-09 20:34 - 17236171 _____ () C:\Users\Sandra\Downloads\sdrt5030.exe 2014-03-05 09:26 - 2014-04-04 16:36 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-04-04 16:36 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-04-04 16:36 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Files to move or delete: ==================== C:\Users\Sandra\AppData\Roaming\desktop.ini Some content of TEMP: ==================== C:\Users\Sandra\AppData\Local\temp\avgnt.exe C:\Users\Sandra\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-04 18:38 ==================== End Of Log ============================ --- --- --- --- --- --- Ich hoffe, das ist OK so. |
|
05.04.2014, 11:00
| #8 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekanntESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.04.2014, 10:29
| #9 |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hi, Ich habe alle drei Anwendungen laufen lassen, hatte aber Probleme mit Eset. Der Scan mit dem Programm hat über zehn Stunden gedauert und danach nicht mal ein logfile hinterlassen. Ich hab keine Ahnung was da schief gegangen ist. SecurityCheck log: Code:
ATTFilter Results of screen317's Security Check version 0.99.80
Windows Vista Service Pack 2 x86
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 38
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
OnlineDiagnostic TestManager TestHandler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Sandra (administrator) on GREYGROVES-PC on 09-04-2014 11:15:50
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-14] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google-Suche) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (Google Mail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
R2 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers)
R2 UCManSvc; C:\Program Files\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-09] (Disc Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-14] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 11:29 - 2014-04-08 11:29 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 19:40 - 2014-04-04 19:57 - 00000000 _____ () C:\test.log
2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:47 - 2014-04-04 18:06 - 00000000 ____D () C:\AdwCleaner
2014-04-04 16:37 - 2014-04-08 10:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-04-04 16:36 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-02 18:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-02 18:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-02 18:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 16:27 - 2014-04-03 03:15 - 00000000 ____D () C:\Qoobox
2014-04-02 16:27 - 2014-04-02 18:27 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:11 - 2014-03-31 20:12 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:21 - 2014-03-29 07:29 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 07:19 - 2014-04-09 11:15 - 00017817 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-03-29 07:19 - 2014-04-09 11:15 - 00000000 ____D () C:\FRST
2014-03-29 06:23 - 2014-04-02 15:44 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 02:46 - 2014-03-29 02:47 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:01 - 2013-11-20 09:22 - 00031465 _____ () C:\Users\Sandra\Downloads\The Walking Dead - 4x01 - 30 Days Without an Accident.HDTV.x264-ASAP.en.srt
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-18 03:34 - 2014-03-18 03:35 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:04 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 21:04 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 21:04 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 21:04 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 21:04 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 21:04 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 21:04 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-11 21:04 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 21:04 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-11 21:04 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 21:04 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-11 21:04 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 19:45 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 19:45 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 19:45 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 19:45 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2014-02-25 12:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-03-11 08:54 - 2014-03-31 19:58 - 00000000 ____D () C:\Program Files\Avira
2014-03-11 08:54 - 2014-03-31 19:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:30 - 2012-07-21 13:19 - 00000000 ____D () C:\Users\Sandra\Downloads\TNC English Patch (1.0)
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar
==================== One Month Modified Files and Folders =======
2014-04-09 11:16 - 2014-03-29 07:19 - 00017817 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-04-09 11:15 - 2014-03-29 07:19 - 00000000 ____D () C:\FRST
2014-04-09 10:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:19 - 2012-06-14 03:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 21:59 - 2011-06-07 15:10 - 02079121 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 20:03 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 11:29 - 2014-04-08 11:29 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 10:39 - 2014-04-04 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 02:14 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 02:13 - 2012-05-20 17:37 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-04-04 19:57 - 2014-04-04 19:40 - 00000000 _____ () C:\test.log
2014-04-04 18:19 - 2008-01-31 06:51 - 00321098 _____ () C:\Windows\PFRO.log
2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 18:06 - 2014-04-04 17:47 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:28 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-03 03:15 - 2014-04-02 16:27 - 00000000 ____D () C:\Qoobox
2014-04-03 03:08 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-02 18:30 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-02 18:27 - 2014-04-02 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 15:44 - 2014-03-29 06:23 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:12 - 2014-03-31 20:11 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-31 19:58 - 2014-03-11 08:54 - 00000000 ____D () C:\Program Files\Avira
2014-03-31 19:56 - 2014-03-11 08:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-29 17:52 - 2012-05-02 03:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:29 - 2014-03-29 07:21 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:23 - 2011-06-07 15:15 - 00000000 ____D () C:\Users\Sandra
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 03:01 - 2014-02-14 07:36 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-03-29 03:01 - 2012-08-12 14:42 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-03-29 02:58 - 2011-06-07 17:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-29 02:47 - 2014-03-29 02:46 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-26 06:00 - 2011-06-17 09:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-03-25 19:12 - 2011-11-26 16:50 - 00479222 _____ () C:\Windows\DPINST.LOG
2014-03-21 01:21 - 2014-03-09 20:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-21 01:13 - 2014-02-15 00:06 - 00000000 ____D () C:\Users\Sandra\dramatical muder
2014-03-18 21:07 - 2013-07-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:01 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 03:35 - 2014-03-18 03:34 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ___RD () C:\Program Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ____D () C:\ProgramData\Skype
2014-03-12 10:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 09:42 - 2006-11-02 14:47 - 00348056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 05:19 - 2012-06-14 03:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 05:19 - 2011-06-08 20:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2012-06-02 11:38 - 00000000 ____D () C:\ProgramData\Avira
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar
2014-03-10 00:23 - 2011-06-08 22:49 - 00000000 ____D () C:\Program Files\NitroplusCHiRAL
2014-03-10 00:16 - 2011-06-08 22:34 - 00003299 _____ () C:\Windows\DirectX.log
Files to move or delete:
====================
C:\Users\Sandra\AppData\Roaming\desktop.ini
Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\temp\avgnt.exe
C:\Users\Sandra\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 10:49
==================== End Of Log ============================
Danke für die Hilfe! |
|
10.04.2014, 07:57
| #10 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt noch probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.04.2014, 21:44
| #11 |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hi, danke. Es schein behoben zu sein. Sollte ich mein Betriebssystem neu aufsetzen? LG und danke für Ihre Hilfe soweit. |
|
18.04.2014, 16:56
| #12 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Dann wäre unsre Arbeit umsonst gewesen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.04.2014, 18:31
| #13 |
| | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Hallo, danke für Ihre Hilfe und die Tips zur Systemabsicherung! Ich werde sie in Zukunft besser beherzigen, um solche lästigen Zwischenfälle möglichst zu vermeiden. Liebe Grüße, tôkaido |
|
01.05.2014, 16:33
| #14 |
| /// the machine /// TB-Ausbilder | PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt |
| acrobat update, antivirus, bho, browser, desktop, firefox, helper, highjackthis, hijackthis, internet explorer, mozilla, object, pup.optional.conduit.a, pup.optional.iminent.a, pup.optional.opencandy, scan, security, software, symantec, vista, windows |
Linear-Darstellung
