|
Log-Analyse und Auswertung: UPS Phishing Mail geöffnet uns auf Link geklicktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.03.2015, 22:56 | #16 |
| UPS Phishing Mail geöffnet uns auf Link geklicktCode:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 22:37:39 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-26.1 [Server] # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (x86) # Benutzername : Schüle - SCHÜLE-LAPTOP # Gestarted von : C:\Users\Schüle\Eigene Dateien\Downloads\AdwCleaner_4.113.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Program Files\DM Ordner Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\mt_ffx Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\SweetIM [!] Ordner Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0} Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v7.0.6001.18639 -\\ Mozilla Firefox v [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltlng", "de"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlday", "15611"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlref", "MON00015"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplgrp", "none"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrid", "base"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q="); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.421:27:59"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "{e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1,ffxtlbra@softonic.com:1.6.0,{317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.9.1,plugin@yontoo.com:1.20.02,{EEE6C361-61[...] [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "0a25c89b-5b73-4b82-89a3-7372d00d315c"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q="); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010006.10028"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...] [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", ""); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...] [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{D3107344-3C9C-11E2-9702-00238B2DD3EE}"); [0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0"); -\\ Google Chrome v41.0.2272.101 ************************* AdwCleaner[R0].txt - [19293 Bytes] - [13/07/2014 14:27:07] AdwCleaner[R1].txt - [13530 Bytes] - [26/03/2015 22:12:47] AdwCleaner[S0].txt - [14194 Bytes] - [26/03/2015 22:37:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14254 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.6 (03.22.2015:1) OS: Windows Vista (TM) Home Premium x86 Ran by Schle on 26.03.2015 at 22:46:32,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\flexnet" Successfully deleted: [Folder] "C:\Users\Schle\AppData\Roaming\flexnet" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.03.2015 at 22:49:15,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Schüle at 2015-03-26 22:54:19 Running from C:\Users\Schüle\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Amicron-Faktura 11.0 © Amicron Software (HKLM\...\Amicron-Faktura 11.0) (Version: - ) Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Comodo BackUp (HKLM\...\Comodo BackUp) (Version: 1.0.4.337 - COMODO) DELISprint (HKLM\...\{9480CCD5-BB18-4DF3-AB18-04198B30DD62}) (Version: 5.6.7.0 - DPD) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version: - Oberon Media) eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project) Firebird 2.5.2.26540 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project) GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname) InfoBibliothek (HKLM\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version: - Akademische Arbeitsgemeinschaft) InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden IrfanView (remove only) (HKLM\...\IrfanView) (Version: - ) Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (Version: 1.00.0000 - USM) Hidden LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla) Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla) MPM (HKLM\...\{7ABD82AD-E13E-4673-A450-0890D43C8F9D}) (Version: 1.00.0000 - Hewlett-Packard) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden Nuance PDF Converter 7 (HKLM\...\{667014DE-A731-4487-9650-BD864C536F4F}) (Version: 7.00.2000 - Nuance Communications, Inc) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org) PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com) Profi cash (HKLM\...\Profi cash) (Version: - ) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5680 - Realtek Semiconductor Corp.) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Scansoft PDF Converter (Version: - ) Hidden Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH) Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) Steuersparer 2010 (HKLM\...\{9B954367-8314-4E94-9FFC-D6EFF7C6B674}) (Version: 17.00.6531 - Buhl Data Service GmbH) Steuersparer 2011 (HKLM\...\{538E852C-1064-46EF-9B24-6EC9B1494792}) (Version: 18.00.6933 - Buhl Data Service GmbH) Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.01.0000 - Akademische Arbeitsgemeinschaft) Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.11.0000 - Akademische Arbeitsgemeinschaft Verlag) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team) WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32 -> No File Path ==================== Restore Points ========================= 22-03-2015 21:47:19 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.6 by SweetPacks 22-03-2015 21:53:24 Revo Uninstaller's restore point - SweetPacks bundle uninstaller 22-03-2015 21:56:47 Revo Uninstaller's restore point - Update Manager for SweetPacks 1.1 22-03-2015 21:59:06 Revo Uninstaller's restore point - Yontoo 1.10.03 24-03-2015 23:14:23 Removed Apple Software Update 24-03-2015 23:16:39 Removed Apple Mobile Device Support 24-03-2015 23:17:54 Removed Apple Application Support (32-Bit) 24-03-2015 23:24:02 Removed iTunes ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {171DF220-EF09-449C-8AA2-BB5DF0D5E2F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.) Task: {22B8F97D-5736-4520-9C6B-67C75987854C} - System32\Tasks\{743FC91F-421D-4A8B-BACA-40B6CBC289E5} => pcalua.exe -a c:\Users\Schüle\Documents\Downloads\amicron-faktura11(2).exe Task: {4C7044E2-6D55-4F72-8668-4F71B6BFA3BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated) Task: {4F4BF66C-98F3-4BDD-A82E-BF2768473BB7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schüle => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation) Task: {534DF986-986C-4568-85A6-245C4D6E03C8} - System32\Tasks\{A1B029EC-5A50-478D-A54D-9810DC94C25D} => pcalua.exe -a C:\PROGRA~1\AMICRO~1.0\UNWISE.EXE -c C:\PROGRA~1\AMICRO~1.0\Install.log Task: {66197C39-E854-490C-B9B5-3E82B27101FB} - System32\Tasks\{88C66690-BBA1-4297-A840-26D69C048E4A} => pcalua.exe -a C:\Users\Schüle\Downloads\setup_kadmos_irfanview_de.exe -d C:\Users\Schüle\Downloads Task: {91062CE2-CC24-442B-827A-EE9B2F8EB474} - System32\Tasks\{4CE875CE-371C-4A2B-A945-F691B3351578} => pcalua.exe -a "C:\Users\Schüle\Eigene Dateien\Downloads\AF11-Setup.exe" -d "C:\Users\Schüle\Eigene Dateien\Downloads" Task: {9EB265ED-B122-4E5C-9779-3E4B51B2BC5E} - System32\Tasks\{62413CF2-5EBD-4C71-88C5-8A493C2D3E1D} => pcalua.exe -a "C:\Program Files\Oberon Media\eMachines\Uninstall.exe" -c "C:\Program Files\Oberon Media\eMachines\install.log" Task: {D01C3D6B-91E9-444C-BE2C-7D3E7E848B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-13 20:05 - 2014-09-10 16:24 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll 2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files\Common Files\AAV\aavus.exe 2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll 2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll 2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll 2009-03-06 11:15 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe 2009-03-06 11:15 - 2009-03-06 11:15 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-03-06 11:15 - 2009-03-06 11:15 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-03-06 11:15 - 2009-03-06 11:15 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll 2009-03-06 11:15 - 2009-03-06 11:15 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll 2009-03-06 11:15 - 2009-03-06 11:15 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2009-03-06 11:15 - 2009-03-06 11:15 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll 2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll 2008-07-29 12:55 - 2008-07-29 12:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2009-01-09 19:18 - 2009-01-09 19:18 - 00139264 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll 2008-07-29 12:59 - 2008-07-29 12:59 - 00165376 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll 2011-08-28 22:19 - 2011-08-28 22:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2015-03-22 10:50 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:580E04D8 AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Classes\.exe: => <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img33.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-768814543-1293272205-1146082735-500 - Administrator - Disabled) Gast (S-1-5-21-768814543-1293272205-1146082735-501 - Limited - Disabled) Schüle (S-1-5-21-768814543-1293272205-1146082735-1000 - Administrator - Enabled) => C:\Users\Schüle ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-03-26 22:54:11.631 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:54:11.350 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:54:11.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:54:10.773 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:51.407 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:51.029 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:50.771 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:50.410 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:50.065 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-26 22:53:49.737 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Athlon(tm) X2 Dual-Core QL-62 Percentage of memory in use: 44% Total physical RAM: 2813.5 MB Available physical RAM: 1569.78 MB Total Pagefile: 5863.44 MB Available Pagefile: 4658.66 MB Total Virtual: 2047.88 MB Available Virtual: 1907.38 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:42.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 2C74BADC) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 26-03-2015 22:53:02 Running from C:\Users\Schüle\Eigene Dateien\Downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\Common Files\AAV\aavus.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines) HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11] FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\ffxtlbra@softonic.com [Not Found] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found] FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed] R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed] R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH) S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation) R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed] R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Netaapl; system32\DRIVERS\netaapl.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-26 22:49 - 2015-03-26 22:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt 2015-03-25 09:12 - 2015-03-25 09:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt 2015-03-25 06:22 - 2015-03-25 06:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp 2015-03-24 23:54 - 2015-03-24 23:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp 2015-03-24 23:14 - 2015-03-24 23:14 - 00000000 ____D () C:\OETemp 2015-03-24 21:04 - 2015-03-24 21:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk 2015-03-24 21:03 - 2015-03-25 06:25 - 00000000 ____D () C:\EEK 2015-03-24 01:09 - 2015-03-24 01:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp 2015-03-23 22:32 - 2015-03-25 00:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-23 22:32 - 2015-03-25 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-23 22:31 - 2015-03-23 22:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-23 17:30 - 2015-03-23 17:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp 2015-03-22 22:01 - 2015-03-23 22:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar 2015-03-22 21:43 - 2015-03-24 23:27 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-22 21:37 - 2015-03-22 21:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp 2015-03-19 22:33 - 2015-03-24 23:35 - 00000000 ____D () C:\Program Files\Avira 2015-03-19 22:17 - 2015-03-19 22:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini 2015-03-19 20:50 - 2015-03-19 20:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt 2015-03-19 20:50 - 2015-03-19 20:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt# 2015-03-19 20:16 - 2015-03-19 20:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt 2015-03-19 16:22 - 2015-03-26 22:53 - 00000000 ____D () C:\FRST 2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable 2015-03-19 14:22 - 2015-03-23 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp 2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp 2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt 2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt 2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt# 2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt 2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp 2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-26 22:47 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-26 22:46 - 2014-07-13 14:27 - 00000000 ____D () C:\AdwCleaner 2015-03-26 22:46 - 2009-03-06 11:09 - 01767466 _____ () C:\Windows\WindowsUpdate.log 2015-03-26 22:42 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-03-26 22:41 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-03-26 22:41 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-26 22:41 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001 2015-03-26 22:41 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-03-26 22:41 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log 2015-03-26 22:41 - 2008-01-21 03:47 - 00328482 _____ () C:\Windows\PFRO.log 2015-03-26 22:41 - 2006-11-02 14:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-26 22:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-26 22:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-25 19:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing 2015-03-25 06:22 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump 2015-03-25 06:22 - 2010-12-17 14:30 - 382524070 _____ () C:\Windows\MEMORY.DMP 2015-03-24 23:35 - 2009-04-25 21:25 - 00000000 ____D () C:\Program Files\Hardcopy 2015-03-24 23:27 - 2015-02-19 16:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-24 23:19 - 2009-05-13 21:52 - 00000000 ____D () C:\ProgramData\Apple 2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\ProgramData\Symantec 2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle 2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat 2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc 2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss 2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia 2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log 2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15 2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird ==================== Files in the root of some directories ======= 2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt 2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat 2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log 2015-03-19 22:17 - 2015-03-19 22:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini 2010-08-14 19:32 - 2015-03-26 22:41 - 0027934 _____ () C:\ProgramData\nvModes.001 2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== C:\Users\Schüle\AppData\Local\Temp\avgnt.exe C:\Users\Schüle\AppData\Local\Temp\avguidx.dll C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe C:\Users\Schüle\AppData\Local\Temp\Quarantine.exe C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Schüle\AppData\Local\Temp\sqlite3.dll C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Schüle\AppData\Local\Temp\ytb.exe C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-26 22:48 ==================== End Of Log ============================ --- --- --- |
27.03.2015, 18:36 | #17 |
/// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklicktESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ |
27.03.2015, 21:45 | #18 |
| UPS Phishing Mail geöffnet uns auf Link geklicktCode:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (36.0.4) Mozilla Thunderbird (31.1.2) Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
28.03.2015, 12:26 | #19 |
/// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt und der Rest?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.03.2015, 21:23 | #20 |
| UPS Phishing Mail geöffnet uns auf Link geklickt So hier noch der Rest Code:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows Vista Service Pack 1 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (36.0.4) Mozilla Thunderbird (31.1.2) Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=46300e66831f0449a60830bc26b54045 # engine=23136 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 01:30:52 # local_time=2015-03-29 03:30:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 91 227232 515424 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 95 226752943 265168580 0 0 # scanned=149423 # found=0 # cleaned=0 # scan_time=4843 Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=46300e66831f0449a60830bc26b54045 # engine=23136 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 01:30:52 # local_time=2015-03-29 03:30:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 91 227232 515424 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 95 226752943 265168580 0 0 # scanned=149423 # found=0 # cleaned=0 # scan_time=4843 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=46300e66831f0449a60830bc26b54045 # engine=23139 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 06:20:03 # local_time=2015-03-29 08:20:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 91 248182 532774 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 95 226773893 265185930 0 0 # scanned=6637 # found=0 # cleaned=0 # scan_time=203 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=46300e66831f0449a60830bc26b54045 # engine=23142 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 08:00:59 # local_time=2015-03-29 10:00:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 91 254239 538831 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 95 226779950 265191987 0 0 # scanned=9394 # found=2 # cleaned=0 # scan_time=1597 sh=96FB715EC6A545CA86FACD8BAF12D432D49ACA80 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi" sh=F711D2AA2F4CC4C6DA8C668A566152517DA39F1B ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi" Users\...\AppData\Local\Temp\~DFF99B.tpm überprüft hat. Ich habe dann diesen Ordner zur Prüfung ausgeschlossen. So konnte die Prüfung abgeschlossen werden. Die Datei ist allerdings von 2009. Avast zeigt mir bei der Überprüfung für diese Datei folgenden Fehler an: Die Anforderung konnte wegen eines E/A Gerätefehlersnicht ausgeführt werden (1117) Sonst würde ich sage dass der Rechner schnell abstürzt und zum Hochfahren lange braucht bis die Programe bereit sind. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 29-03-2015 22:47:17 Running from c:\Users\Schüle\eigene dateien\downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Common Files\AAV\aavus.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03] FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-03-29] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2015-03-29] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-27] FF Extension: PDF Converter 7.0 - C:\Program Files\Nuance\PDF Converter 7\FireFox [2014-09-22] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-27] (Avast Software) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed] R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-27] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-27] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-27] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-27] (Avast Software s.r.o.) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-27] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-27] () S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation) S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed] R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-27] (Avast Software) S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Netaapl; system32\DRIVERS\netaapl.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 22:45 - 2015-03-29 22:45 - 00001214 _____ () C:\Users\Schüle\Desktop\checkup.txt 2015-03-29 22:19 - 2015-03-29 22:19 - 00000000 ____D () C:\Program Files\ESET 2015-03-29 22:15 - 2015-03-29 22:15 - 00003094 _____ () C:\Users\Schüle\Desktop\eset2.txt 2015-03-29 22:15 - 2015-03-29 22:15 - 00000783 _____ () C:\Windows\NTIWVEDT.INI 2015-03-29 18:52 - 2015-03-29 18:52 - 00142656 _____ () C:\Windows\Minidump\Mini032915-01.dmp 2015-03-29 15:55 - 2015-03-29 15:55 - 00000955 _____ () C:\Users\Schüle\Desktop\eset1.txt 2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-03-27 00:35 - 2015-03-27 00:35 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-27 00:35 - 2015-03-27 00:35 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-27 00:27 - 2015-03-27 00:29 - 00000607 _____ () C:\Windows\wininit.ini 2015-03-27 00:24 - 2015-03-27 00:27 - 00000000 ____D () C:\Windows\system32\vbox 2015-03-27 00:24 - 2015-03-27 00:24 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\AVAST Software 2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-27 00:23 - 2015-03-27 00:23 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-27 00:23 - 2015-03-27 00:23 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-27 00:23 - 2015-03-27 00:23 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-27 00:20 - 2015-03-27 00:20 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-27 00:19 - 2015-03-27 00:19 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-27 00:07 - 2015-03-27 00:07 - 00139552 _____ () C:\Windows\Minidump\Mini032615-01.dmp 2015-03-26 23:49 - 2015-03-26 23:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt 2015-03-25 10:12 - 2015-03-25 10:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt 2015-03-25 07:22 - 2015-03-25 07:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp 2015-03-25 00:54 - 2015-03-25 00:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp 2015-03-25 00:14 - 2015-03-25 00:14 - 00000000 ____D () C:\OETemp 2015-03-24 22:04 - 2015-03-24 22:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk 2015-03-24 22:03 - 2015-03-25 07:25 - 00000000 ____D () C:\EEK 2015-03-24 02:09 - 2015-03-24 02:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp 2015-03-23 23:32 - 2015-03-25 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-23 23:32 - 2015-03-25 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-23 23:31 - 2015-03-23 23:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-23 18:30 - 2015-03-23 18:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp 2015-03-22 23:01 - 2015-03-23 23:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar 2015-03-22 22:43 - 2015-03-25 00:27 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-22 22:37 - 2015-03-22 22:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp 2015-03-19 23:33 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files\Avira 2015-03-19 23:17 - 2015-03-19 23:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini 2015-03-19 21:50 - 2015-03-19 21:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt 2015-03-19 21:50 - 2015-03-19 21:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt# 2015-03-19 21:16 - 2015-03-19 21:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt 2015-03-19 17:22 - 2015-03-29 22:47 - 00000000 ____D () C:\FRST 2015-03-19 17:18 - 2015-03-19 17:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable 2015-03-19 15:22 - 2015-03-23 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 14:33 - 2015-03-19 14:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp 2015-03-14 17:12 - 2015-03-14 17:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp 2015-03-13 12:58 - 2015-03-13 12:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt 2015-03-08 16:11 - 2015-03-07 21:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt 2015-03-08 16:11 - 2015-03-07 21:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt 2015-03-07 21:34 - 2015-03-07 21:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt# 2015-03-07 16:10 - 2015-03-07 16:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt 2015-03-05 11:54 - 2015-03-05 11:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp 2015-03-03 06:48 - 2015-03-03 06:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 22:46 - 2013-05-22 13:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-29 22:42 - 2008-01-21 09:16 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-29 22:39 - 2009-03-06 12:09 - 01875925 _____ () C:\Windows\WindowsUpdate.log 2015-03-29 22:36 - 2011-11-28 15:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-03-29 22:35 - 2014-06-09 23:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-03-29 22:35 - 2013-05-22 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-29 22:35 - 2010-08-14 20:32 - 00027934 _____ () C:\ProgramData\nvModes.001 2015-03-29 22:35 - 2009-03-06 12:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-03-29 22:35 - 2008-09-11 02:01 - 00000147 _____ () C:\Windows\system32\agent.log 2015-03-29 22:35 - 2008-01-21 04:47 - 00330448 _____ () C:\Windows\PFRO.log 2015-03-29 22:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-29 22:35 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-29 22:35 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-29 21:35 - 2012-04-20 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-29 18:52 - 2010-12-17 15:31 - 00000000 ____D () C:\Windows\Minidump 2015-03-29 18:52 - 2010-12-17 15:30 - 355437222 _____ () C:\Windows\MEMORY.DMP 2015-03-28 01:44 - 2006-11-02 15:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-27 22:41 - 2013-08-21 21:41 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-27 22:24 - 2014-10-08 22:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-27 00:39 - 2008-09-11 02:02 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-27 00:38 - 2009-04-17 22:46 - 00000000 ____D () C:\Users\Schüle\AppData\Local\Adobe 2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Adobe 2015-03-27 00:35 - 2012-09-09 19:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-27 00:29 - 2014-10-27 23:16 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Dropbox 2015-03-26 23:46 - 2014-07-13 15:27 - 00000000 ____D () C:\AdwCleaner 2015-03-25 20:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing 2015-03-25 00:35 - 2009-04-25 22:25 - 00000000 ____D () C:\Program Files\Hardcopy 2015-03-25 00:27 - 2015-02-19 17:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-25 00:19 - 2009-05-13 22:52 - 00000000 ____D () C:\ProgramData\Apple 2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\ProgramData\Symantec 2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-03-19 17:18 - 2009-04-11 22:55 - 00000000 ____D () C:\Users\Schüle 2015-03-18 16:10 - 2010-08-05 20:34 - 00027934 _____ () C:\ProgramData\nvModes.dat 2015-03-15 20:10 - 2010-01-19 23:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc 2015-03-15 18:52 - 2010-07-29 22:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss 2015-03-13 12:58 - 2014-02-15 17:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia 2015-03-13 07:26 - 2008-09-11 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 22:09 - 2006-11-02 14:52 - 00115692 _____ () C:\Windows\setupact.log 2015-03-09 22:07 - 2015-01-17 20:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15 2015-03-08 16:54 - 2012-06-28 21:24 - 00000000 ____D () C:\ProgramData\firebird ==================== Files in the root of some directories ======= 2011-04-27 18:58 - 2014-03-25 22:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt 2010-05-11 21:22 - 2014-06-08 22:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat 2009-08-08 22:41 - 2015-01-18 12:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-11 22:04 - 2014-05-01 23:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log 2015-03-19 23:17 - 2015-03-19 23:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini 2010-08-14 20:32 - 2015-03-29 22:35 - 0027934 _____ () C:\ProgramData\nvModes.001 2010-08-05 20:34 - 2015-03-18 16:10 - 0027934 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== C:\Users\Schüle\AppData\Local\Temp\avgnt.exe C:\Users\Schüle\AppData\Local\Temp\avguidx.dll C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpong9iw.dll C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe C:\Users\Schüle\AppData\Local\Temp\Quarantine.exe C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Schüle\AppData\Local\Temp\sqlite3.dll C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Schüle\AppData\Local\Temp\ytb.exe C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-29 22:41 ==================== End Of Log ============================ --- --- --- |
31.03.2015, 05:26 | #21 |
/// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Java und Adobe updaten. Windows updaten, da fehlen 6 Jahre an Updates!!! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ --> UPS Phishing Mail geöffnet uns auf Link geklickt |
31.03.2015, 22:15 | #22 |
| UPS Phishing Mail geöffnet uns auf Link geklickt OK, die Updates sind durch. Anbei das Log Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015 Ran by Schüle at 2015-03-31 23:00:25 Run:1 Running from c:\Users\Schüle\eigene dateien\downloads Loaded Profiles: Schüle (Available profiles: Schüle) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi Emptytemp: ***************** C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi => Moved successfully. C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi => Moved successfully. EmptyTemp: => Removed 2.8 GB temporary data. The system needed a reboot. ==== End of Fixlog 23:06:07 ==== |
01.04.2015, 08:52 | #23 |
/// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklickt Frisches FRST log bitte. Noch probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.04.2015, 07:20 | #24 |
| UPS Phishing Mail geöffnet uns auf Link geklickt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 01-04-2015 19:47:34 Running from c:\Users\Schüle\eigene dateien\downloads Loaded Profiles: Schüle (Available profiles: Schüle) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Common Files\AAV\aavus.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.) HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-06] (Realtek Semiconductor Corp.) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620 HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.) Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default FF Homepage: http.www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-31] () FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.) FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-03-29] FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2015-03-29] FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-27] FF Extension: PDF Converter 7.0 - C:\Program Files\Nuance\PDF Converter 7\FireFox [2014-09-22] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-27] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-27] (Avast Software) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed] R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-27] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-27] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-27] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-27] (Avast Software s.r.o.) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-27] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-27] () S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-29] (Malwarebytes Corporation) R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed] R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-27] (Avast Software) S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 Netaapl; system32\DRIVERS\netaapl.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 18:47 - 2012-06-03 00:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-01 18:47 - 2012-06-03 00:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-01 18:47 - 2012-06-03 00:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-01 18:47 - 2012-06-03 00:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-01 18:47 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-01 18:47 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-03-31 22:49 - 2015-03-31 22:49 - 00000000 ____D () C:\ProgramData\APN 2015-03-31 22:46 - 2015-03-31 22:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-03-31 22:46 - 2015-03-31 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-31 22:46 - 2015-03-31 22:46 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-03-31 22:45 - 2015-03-31 22:53 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-31 22:30 - 2015-03-31 22:30 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-03-31 22:19 - 2015-03-31 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-03-31 22:18 - 2015-03-31 22:18 - 00000000 ____D () C:\ProgramData\Skype 2015-03-31 22:18 - 2015-03-31 22:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-03-31 22:15 - 2010-12-18 08:27 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-31 22:15 - 2010-12-18 08:26 - 01210880 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-31 22:15 - 2010-12-18 08:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-03-31 22:15 - 2010-12-18 08:23 - 05961216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-31 22:15 - 2010-12-18 08:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-03-31 22:15 - 2010-12-18 08:23 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-31 22:15 - 2010-12-18 08:23 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-31 22:15 - 2010-12-18 08:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 11080704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 01991680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-31 22:15 - 2010-12-18 08:22 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-03-31 22:15 - 2010-12-18 08:22 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-31 22:15 - 2010-12-18 07:25 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-31 22:15 - 2010-12-18 06:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-31 22:15 - 2010-12-18 06:48 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-31 22:15 - 2010-12-18 06:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-31 22:15 - 2010-12-18 06:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-31 22:12 - 2009-03-08 13:34 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-03-31 22:12 - 2009-03-08 13:34 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\WinFXDocObj.exe 2015-03-31 22:12 - 2009-03-08 13:34 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-31 22:12 - 2009-03-08 13:34 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-31 22:12 - 2009-03-08 13:33 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-31 22:12 - 2009-03-08 13:33 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-31 22:12 - 2009-03-08 13:33 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2015-03-31 22:12 - 2009-03-08 13:33 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2015-03-31 22:12 - 2009-03-08 13:33 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\PDMSetup.exe 2015-03-31 22:12 - 2009-03-08 13:33 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-03-31 22:12 - 2009-03-08 13:33 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2015-03-31 22:12 - 2009-03-08 13:33 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\SetDepNx.exe 2015-03-31 22:12 - 2009-03-08 13:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-03-31 22:12 - 2009-03-08 13:32 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2015-03-31 22:12 - 2009-03-08 13:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2015-03-31 22:12 - 2009-03-08 13:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll 2015-03-31 22:12 - 2009-03-08 13:32 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-03-31 22:12 - 2009-03-08 13:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2015-03-31 22:12 - 2009-03-08 13:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2015-03-31 22:12 - 2009-03-08 13:31 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-31 22:12 - 2009-03-08 13:31 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-31 22:12 - 2009-03-08 13:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2015-03-31 22:12 - 2009-03-08 13:31 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2015-03-31 22:12 - 2009-03-08 13:31 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2015-03-31 22:12 - 2009-03-08 13:31 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-31 22:12 - 2009-03-08 13:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2015-03-31 22:12 - 2009-03-08 13:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-03-31 22:12 - 2009-03-08 13:22 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2015-03-31 22:12 - 2009-03-08 13:11 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-31 22:12 - 2009-02-07 06:07 - 03698584 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\vi-VN 2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\eu-ES 2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\ca-ES 2015-03-31 21:21 - 2015-03-31 21:21 - 00000000 ____D () C:\Windows\system32\EventProviders 2015-03-29 22:45 - 2015-03-29 22:45 - 00001214 _____ () C:\Users\Schüle\Desktop\checkup.txt 2015-03-29 22:19 - 2015-03-29 22:19 - 00000000 ____D () C:\Program Files\ESET 2015-03-29 22:15 - 2015-03-29 22:15 - 00003094 _____ () C:\Users\Schüle\Desktop\eset2.txt 2015-03-29 22:15 - 2015-03-29 22:15 - 00000783 _____ () C:\Windows\NTIWVEDT.INI 2015-03-29 18:52 - 2015-03-29 18:52 - 00142656 _____ () C:\Windows\Minidump\Mini032915-01.dmp 2015-03-29 15:55 - 2015-03-29 15:55 - 00000955 _____ () C:\Users\Schüle\Desktop\eset1.txt 2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-03-27 00:35 - 2015-03-27 00:35 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-27 00:35 - 2015-03-27 00:35 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-27 00:27 - 2015-03-27 00:29 - 00000607 _____ () C:\Windows\wininit.ini 2015-03-27 00:24 - 2015-03-27 00:27 - 00000000 ____D () C:\Windows\system32\vbox 2015-03-27 00:24 - 2015-03-27 00:24 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\AVAST Software 2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-27 00:23 - 2015-03-27 00:23 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-27 00:23 - 2015-03-27 00:23 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-27 00:23 - 2015-03-27 00:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-27 00:23 - 2015-03-27 00:23 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-27 00:20 - 2015-03-27 00:20 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-27 00:19 - 2015-03-27 00:19 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-27 00:07 - 2015-03-27 00:07 - 00139552 _____ () C:\Windows\Minidump\Mini032615-01.dmp 2015-03-26 23:49 - 2015-03-26 23:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt 2015-03-25 10:12 - 2015-03-25 10:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt 2015-03-25 07:22 - 2015-03-25 07:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp 2015-03-25 00:54 - 2015-03-25 00:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp 2015-03-25 00:14 - 2015-03-25 00:14 - 00000000 ____D () C:\OETemp 2015-03-24 22:04 - 2015-03-24 22:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk 2015-03-24 22:03 - 2015-03-25 07:25 - 00000000 ____D () C:\EEK 2015-03-24 02:09 - 2015-03-24 02:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp 2015-03-23 23:32 - 2015-03-29 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-23 23:32 - 2015-03-29 22:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-23 23:31 - 2015-03-23 23:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-23 18:30 - 2015-03-23 18:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp 2015-03-22 23:01 - 2015-03-23 23:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar 2015-03-22 22:43 - 2015-03-25 00:27 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-22 22:37 - 2015-03-22 22:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp 2015-03-19 23:33 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files\Avira 2015-03-19 23:17 - 2015-03-19 23:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini 2015-03-19 21:50 - 2015-03-19 21:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt 2015-03-19 21:50 - 2015-03-19 21:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt# 2015-03-19 21:16 - 2015-03-29 22:48 - 00034040 _____ () C:\Users\Schüle\Desktop\FRST.txt 2015-03-19 17:22 - 2015-04-01 19:47 - 00000000 ____D () C:\FRST 2015-03-19 17:18 - 2015-03-19 17:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable 2015-03-19 15:22 - 2015-03-23 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 14:33 - 2015-03-19 14:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp 2015-03-14 17:12 - 2015-03-14 17:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp 2015-03-13 12:58 - 2015-03-13 12:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt 2015-03-08 16:11 - 2015-03-07 21:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt 2015-03-08 16:11 - 2015-03-07 21:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt 2015-03-07 21:34 - 2015-03-07 21:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt# 2015-03-07 16:10 - 2015-03-07 16:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt 2015-03-05 11:54 - 2015-03-05 11:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp 2015-03-03 06:48 - 2015-03-03 06:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 19:46 - 2013-05-22 13:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-01 19:46 - 2009-03-06 12:09 - 01075513 _____ () C:\Windows\WindowsUpdate.log 2015-04-01 19:35 - 2012-04-20 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-01 19:04 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2015-04-01 18:50 - 2008-01-21 09:16 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-01 18:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-01 18:43 - 2011-11-28 15:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-01 18:42 - 2014-06-09 23:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-04-01 18:42 - 2013-05-22 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-01 18:42 - 2010-08-14 20:32 - 00027934 _____ () C:\ProgramData\nvModes.001 2015-04-01 18:42 - 2009-03-06 12:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-04-01 18:42 - 2008-09-11 02:01 - 00000147 _____ () C:\Windows\system32\agent.log 2015-04-01 18:42 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-01 18:42 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-01 18:42 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-01 01:02 - 2006-11-02 15:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-31 23:07 - 2014-10-08 22:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-31 23:07 - 2008-01-21 04:47 - 00333676 _____ () C:\Windows\PFRO.log 2015-03-31 22:55 - 2012-04-20 09:14 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 22:55 - 2012-04-20 09:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 22:45 - 2011-05-07 21:15 - 00000000 ____D () C:\Program Files\Java 2015-03-31 22:43 - 2012-09-09 19:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-31 22:42 - 2014-10-08 22:06 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-03-31 22:42 - 2014-10-08 22:06 - 00001792 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-03-31 22:42 - 2010-12-23 00:38 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-03-31 22:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-31 22:30 - 2010-01-19 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-03-31 22:24 - 2009-04-11 22:57 - 00000951 _____ () C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-31 22:00 - 2009-04-11 22:56 - 00000917 _____ () C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-03-31 21:56 - 2006-11-02 14:47 - 00323488 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 21:51 - 2008-01-21 09:15 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Collaboration 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Calendar 2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Movie Maker 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-TW 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-CN 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\uk-UA 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\th-TH 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sv-SE 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\SLUI 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ru-RU 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-PT 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-BR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pl-PL 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nl-NL 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nb-NO 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ko-KR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ja-JP 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hu-HU 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\he-IL 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fi-FI 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\et-EE 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\IME 2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-31 21:49 - 2008-09-11 01:40 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-03-31 21:49 - 2006-11-02 14:52 - 00133904 _____ () C:\Windows\setupact.log 2015-03-30 20:44 - 2010-08-05 20:34 - 00027934 _____ () C:\ProgramData\nvModes.dat 2015-03-29 18:52 - 2010-12-17 15:31 - 00000000 ____D () C:\Windows\Minidump 2015-03-29 18:52 - 2010-12-17 15:30 - 355437222 _____ () C:\Windows\MEMORY.DMP 2015-03-27 22:41 - 2013-08-21 21:41 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-27 00:39 - 2008-09-11 02:02 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-27 00:38 - 2009-04-17 22:46 - 00000000 ____D () C:\Users\Schüle\AppData\Local\Adobe 2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Adobe 2015-03-27 00:29 - 2014-10-27 23:16 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Dropbox 2015-03-26 23:46 - 2014-07-13 15:27 - 00000000 ____D () C:\AdwCleaner 2015-03-25 20:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing 2015-03-25 00:35 - 2009-04-25 22:25 - 00000000 ____D () C:\Program Files\Hardcopy 2015-03-25 00:27 - 2015-02-19 17:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-25 00:19 - 2009-05-13 22:52 - 00000000 ____D () C:\ProgramData\Apple 2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\ProgramData\Symantec 2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-03-19 17:18 - 2009-04-11 22:55 - 00000000 ____D () C:\Users\Schüle 2015-03-15 20:10 - 2010-01-19 23:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc 2015-03-15 18:52 - 2010-07-29 22:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss 2015-03-13 12:58 - 2014-02-15 17:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia 2015-03-13 07:26 - 2008-09-11 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 22:07 - 2015-01-17 20:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15 2015-03-08 16:54 - 2012-06-28 21:24 - 00000000 ____D () C:\ProgramData\firebird ==================== Files in the root of some directories ======= 2011-04-27 18:58 - 2014-03-25 22:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt 2010-05-11 21:22 - 2014-06-08 22:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat 2009-08-08 22:41 - 2015-01-18 12:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-11 22:04 - 2014-05-01 23:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log 2015-03-19 23:17 - 2015-03-19 23:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini 2010-08-14 20:32 - 2015-04-01 18:42 - 0027934 _____ () C:\ProgramData\nvModes.001 2010-08-05 20:34 - 2015-03-30 20:44 - 0027934 _____ () C:\ProgramData\nvModes.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-01 19:03 ==================== End Of Log ============================ --- --- --- Ich denke der Rechner verhält sich wieder normal. |
02.04.2015, 19:59 | #25 |
/// the machine /// TB-Ausbilder | UPS Phishing Mail geöffnet uns auf Link geklicktCleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung: Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu UPS Phishing Mail geöffnet uns auf Link geklickt |
administrator, bluescreen 0, converter, defender, explorer, flash player, phishing, registry, services.exe, software, svchost.exe, sweetpacks bundle uninstaller entfernen, symantec, winlogon.exe, yontoo entfernen |