All kinds of pests and how to fight them: On startup the following message appears: The exception "unknown software exception" (0
Windows 7
12.04.2015, 17:49 | #16 |
/// the machine /// TB trainer | You already downloaded it in post #6
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
12.04.2015, 19:33 | #17 |
| FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015 Ran by Dadmar Petri (administrator) on DAGMAR on 12-04-2015 19:23:23 Running from C:\Users\Dadmar Petri\Desktop Loaded Profiles: Dadmar Petri & UpdatusUser (Available profiles: Dadmar Petri & Hans Leo & UpdatusUser) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-11] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\MountPoints2: {1114a94f-70d1-11e4-8c49-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe Startup: C:\Users\Hans Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} 
HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzzyDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0Ezz0C0DzytDyBtGtCzy0CzztG0C0FyEyBtGtAtCtD0DtGtCtDtBzyzy0Fzy0DyCtDtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0EyEtC0ByE0FtG0AyEyD0FtGyEtDyCyCtGzytCyD0EtGtBzytDtA0EyBzz0C0AtB0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCyDyD%26cr%3D761057204%26a%3Dwny_secureddownload_15_14%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzzyDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0Ezz0C0DzytDyBtGtCzy0CzztG0C0FyEyBtGtAtCtD0DtGtCtDtBzyzy0Fzy0DyCtDtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0EyEtC0ByE0FtG0AyEyD0FtGyEtDyCyCtGzytCyD0EtGtBzytDtA0EyBzz0C0AtB0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCyDyD%26cr%3D761057204%26a%3Dwny_secureddownload_15_14%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\nt2ty56p.Hans Leo FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-31] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29] CHR Extension: (YouTube) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (Avira Browser Safety) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Gmail) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-11] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-08-27] (NXP Semiconductors Germany GmbH) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 19:22 - 2015-04-12 19:22 - 00020262 _____ () C:\Users\Dadmar Petri\Desktop\Addition.txt 2015-04-12 19:21 - 2015-04-12 19:23 - 00016482 _____ () C:\Users\Dadmar Petri\Desktop\FRST.txt 2015-04-12 19:12 - 2015-04-12 19:12 - 01135616 _____ (Farbar) C:\Users\Dadmar Petri\Desktop\FRST.exe 2015-04-12 12:03 - 2015-04-12 12:06 - 00001022 _____ () C:\Windows\comsetup.log 2015-04-12 11:53 - 2015-04-12 11:53 - 00000000 ____D () C:\$WINDOWS.~LS 2015-04-12 11:51 - 2015-04-12 11:51 - 00000000 ____D () C:\$WINDOWS.~BT 2015-04-12 09:34 - 2015-04-12 09:34 - 00000632 _____ () C:\Users\Dadmar Petri\Desktop\JRT.txt 2015-04-12 09:20 - 2015-04-12 09:20 - 02686959 _____ (Thisisu) C:\Users\Dadmar Petri\Desktop\JRT.exe 2015-04-11 19:49 - 2015-04-11 19:49 - 40676944 _____ () C:\Users\Dadmar Petri\Desktop\Firefox_Setup_37.0.1.exe 2015-04-11 14:45 - 2015-04-11 14:45 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Avira 2015-04-11 14:41 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-11 14:38 - 2015-04-11 14:38 - 00001165 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-11 14:37 - 2015-04-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 14:34 - 2015-04-11 14:34 - 04625104 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Dadmar Petri\Desktop\avira_de_av_5529133b5619d__wsm.exe 2015-04-11 14:24 - 2015-04-11 14:51 - 00000000 ____D () C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:24 - 105603488 _____ () C:\Users\Dadmar Petri\Downloads\avira-antivirus.exe 2015-04-11 14:24 - 2015-04-11 14:24 - 00000000 ____D () C:\Program Files\Assist Point 2015-04-11 13:45 - 2015-04-11 13:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAGMAR-Windows-7-Home-Premium-(32-bit).dat 2015-04-11 13:45 - 2015-04-11 13:45 - 00000000 ____D () C:\RegBackup 2015-04-11 11:50 - 2015-04-11 11:50 - 02217984 _____ () C:\Users\Dadmar Petri\Desktop\AdwCleaner_4.201.exe 2015-04-10 11:00 - 2015-04-10 11:00 - 00029620 _____ () C:\Users\Dadmar Petri\Downloads\Addition.txt 2015-04-10 10:59 - 2015-04-10 11:00 - 00038002 _____ () C:\Users\Dadmar Petri\Downloads\FRST.txt 2015-04-10 10:58 - 2015-04-12 19:23 - 00000000 ____D () C:\FRST 2015-04-10 10:57 - 2015-04-10 10:57 - 01135104 _____ (Farbar) C:\Users\Dadmar Petri\Downloads\FRST.exe 2015-04-09 15:39 - 2015-04-09 15:39 - 00000000 ____D () C:\Users\Dadmar Petri\Desktop\Malware 2015-04-09 12:05 - 2015-04-09 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(2).exe 2015-04-09 11:38 - 2015-04-09 11:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(1).exe 2015-04-09 11:19 - 2015-04-09 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 11:18 - 2015-04-09 11:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-08 09:35 - 2015-04-12 19:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimService 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () 
C:\Program Files\SlimCleaner Plus 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-04-07 13:42 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-04-07 13:42 - 2015-04-07 17:51 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc 2015-04-01 00:59 - 2015-04-12 11:37 - 00002542 _____ () C:\Windows\diagwrn.xml 2015-04-01 00:59 - 2015-04-12 11:37 - 00001890 _____ () C:\Windows\diagerr.xml 2015-04-01 00:53 - 2015-04-01 00:53 - 00394480 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis(1).exe 2015-04-01 00:49 - 2015-04-01 00:49 - 00005168 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis.log 2015-04-01 00:47 - 2015-04-01 00:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dadmar Petri\Downloads\HijackThis.exe 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\OkayFreedom 2015-03-31 23:09 - 2015-04-01 01:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos VPN 2015-03-31 23:09 - 2015-03-31 23:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos 2015-03-31 23:09 - 2015-03-31 23:09 - 00001031 _____ () C:\Users\Public\Desktop\OkayFreedom.lnk 2015-03-31 23:09 - 2015-03-31 23:09 - 00000000 ____D () C:\Program Files\Common Files\Steganos 2015-03-31 21:52 - 2015-04-12 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 21:52 - 2015-04-09 22:16 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 21:52 - 2015-04-09 22:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 21:52 - 2015-03-31 21:52 - 01055936 _____ (Adobe) C:\Users\Dadmar Petri\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe 2015-03-31 21:08 - 2015-03-31 21:08 - 00243576 _____ () C:\Users\Dadmar 
Petri\Downloads\Firefox Setup Stub 37.0.exe 2015-03-30 23:41 - 2015-03-31 21:45 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2 2015-03-30 23:41 - 2015-03-30 23:41 - 02062482 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb2setup.exe 2015-03-30 11:33 - 2015-03-31 21:45 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun506.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 01865951 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb1setup.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\UpdatusUser\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Hans Leo\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Dadmar Petri\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2015-03-30 11:24 - 2015-03-30 11:24 - 00698138 _____ () C:\Users\Dadmar Petri\Downloads\bbo_shortcut.exe 2015-03-30 00:14 - 2015-03-20 15:27 - 25808896 _____ () C:\Users\Dadmar Petri\Documents\Büro_2015_24.03.15.mdb 2015-03-26 18:08 - 2015-03-26 18:08 - 00462552 _____ () C:\Windows\Minidump\032615-20139-01.dmp 2015-03-23 16:06 - 2015-03-26 17:15 - 00000000 ____D () C:\e79d95644af82acfec248548e1a8067b 2015-03-23 16:05 - 2015-03-23 16:09 - 373578968 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\office2007sp3-kb2526086-fullfile-de-de.exe 2015-03-23 16:05 - 2015-03-23 16:07 - 08676128 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows7UpgradeAdvisorSetup.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 40888512 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows-KB890830-V5.22.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 39074536 _____ (Microsoft 
Corporation) C:\Users\Dadmar Petri\Downloads\FileFormatConverters(1).exe 2015-03-23 13:57 - 2015-03-23 13:57 - 00462936 _____ () C:\Windows\Minidump\032315-32775-01.dmp 2015-03-23 12:24 - 2015-03-23 12:24 - 00031282 _____ () C:\Users\Dadmar Petri\Documents\Die Uhus.dotx 2015-03-23 10:50 - 2015-03-23 10:50 - 00463416 _____ () C:\Windows\Minidump\032315-21309-01.dmp 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-16 13:42 - 2015-03-16 13:42 - 00462864 _____ () C:\Windows\Minidump\031615-20280-01.dmp 2015-03-15 01:14 - 2015-03-15 01:14 - 00475440 _____ () C:\Windows\Minidump\031515-20030-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-12 19:19 - 2014-11-20 15:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-04-12 19:19 - 2014-11-20 01:14 - 00001368 _____ () C:\Windows\Tasks\UTLKMTU.job 2015-04-12 19:19 - 2014-11-20 01:13 - 00001366 _____ () C:\Windows\Tasks\FUPWXF.job 2015-04-12 19:19 - 2014-11-19 22:59 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-12 19:19 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-12 19:19 - 2009-07-14 06:39 - 00001141 _____ () C:\Windows\setupact.log 2015-04-12 19:18 - 2014-11-19 23:40 - 00968790 _____ () C:\Windows\PFRO.log 2015-04-12 19:08 - 2014-11-19 16:32 - 01836315 _____ () C:\Windows\WindowsUpdate.log 2015-04-12 12:10 - 2009-07-14 06:34 - 00002526 _____ () C:\Windows\DtcInstall.log 2015-04-12 12:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-12 11:42 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-12 11:42 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-12 11:38 - 2014-11-19 17:52 - 01472002 
_____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 11:37 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\ProgramData\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Program Files\Avira 2015-04-11 12:37 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-11 12:32 - 2015-01-03 13:51 - 00000000 ____D () C:\AdwCleaner 2015-04-10 10:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-04-09 22:16 - 2014-11-20 01:41 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Adobe 2015-04-08 19:56 - 2014-12-30 10:50 - 00271360 _____ () C:\Users\Hans Leo\Documents\Kontakte.pst 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-04-08 09:59 - 2014-11-20 01:42 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-08 09:59 - 2014-11-20 00:09 - 00000000 ____D () C:\Users\Hans Leo 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-08 09:58 - 2014-11-21 11:08 - 00000000 ____D () C:\Users\Hans Leo\AppData\Local\Mozilla 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-08 09:58 - 2014-11-20 00:52 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Mozilla 2015-04-08 09:57 - 2014-01-18 12:16 - 00000000 __RHD () C:\MSOCache 2015-04-08 09:13 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri 2015-04-01 19:22 - 2014-11-20 13:46 - 00065464 _____ () C:\Users\Hans Leo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-01 00:54 - 2014-11-29 14:48 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\dlg 2015-04-01 00:48 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\VirtualStore 2015-03-31 22:11 - 2009-07-14 06:33 - 00303112 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 20:37 - 2014-11-19 23:59 - 00065464 _____ () 
C:\Users\Dadmar Petri\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 20:14 - 2014-11-23 20:04 - 00000000 ____D () C:\Users\Dadmar Petri\Documents\DIE UHUS 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-31 19:17 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-03-29 20:54 - 2015-01-12 20:57 - 00000000 ____D () C:\Windows\pss 2015-03-29 20:11 - 2015-01-02 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-29 09:03 - 2015-01-02 13:42 - 00000000 ____D () C:\Program Files\Bonjour 2015-03-28 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-26 18:08 - 2015-01-03 16:50 - 321192056 _____ () C:\Windows\MEMORY.DMP 2015-03-26 18:08 - 2015-01-03 16:50 - 00000000 ____D () C:\Windows\Minidump 2015-03-26 17:15 - 2015-01-03 16:48 - 00000000 ____D () C:\NVIDIA 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-26 17:15 - 2014-11-28 23:40 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Dadmar Petri\AppData\Roaming\FUPWXF 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Dadmar Petri\AppData\Roaming\UTLKMTU 2014-12-20 10:45 - 2014-12-20 10:45 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dadmar Petri\AppData\Local\Temp\AskSLib.dll C:\Users\Dadmar Petri\AppData\Local\Temp\avgnt.exe C:\Users\Dadmar Petri\AppData\Local\Temp\BackupSetup.exe C:\Users\Dadmar Petri\AppData\Local\Temp\MSNEE75.exe C:\Users\Dadmar Petri\AppData\Local\Temp\ose00000.exe C:\Users\Dadmar Petri\AppData\Local\Temp\Quarantine.exe C:\Users\Dadmar Petri\AppData\Local\Temp\setup_337.exe C:\Users\Dadmar Petri\AppData\Local\Temp\sqlite3.dll 
C:\Users\Dadmar Petri\AppData\Local\Temp\vcredist_x86.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is3FAE.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is8574.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is9A89.exe C:\Users\Hans Leo\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 10:42 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015 Ran by Dadmar Petri (administrator) on DAGMAR on 12-04-2015 20:30:27 Running from C:\Users\Dadmar Petri\Desktop Loaded Profiles: Dadmar Petri & UpdatusUser (Available profiles: Dadmar Petri & Hans Leo & UpdatusUser) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-11] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\MountPoints2: {1114a94f-70d1-11e4-8c49-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe Startup: C:\Users\Hans Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} 
HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzzyDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0Ezz0C0DzytDyBtGtCzy0CzztG0C0FyEyBtGtAtCtD0DtGtCtDtBzyzy0Fzy0DyCtDtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0EyEtC0ByE0FtG0AyEyD0FtGyEtDyCyCtGzytCyD0EtGtBzytDtA0EyBzz0C0AtB0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCyDyD%26cr%3D761057204%26a%3Dwny_secureddownload_15_14%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_14¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzzyDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0Ezz0C0DzytDyBtGtCzy0CzztG0C0FyEyBtGtAtCtD0DtGtCtDtBzyzy0Fzy0DyCtDtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0EyEtC0ByE0FtG0AyEyD0FtGyEtDyCyCtGzytCyD0EtGtBzytDtA0EyBzz0C0AtB0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCyDyD%26cr%3D761057204%26a%3Dwny_secureddownload_15_14%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\nt2ty56p.Hans Leo FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-31] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29] CHR Extension: (YouTube) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (Avira Browser Safety) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Gmail) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-11] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-08-27] (NXP Semiconductors Germany GmbH) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 19:31 - 2015-04-12 19:31 - 00243656 _____ () C:\Users\Dadmar Petri\Desktop\Firefox Setup Stub 37.0.1.exe 2015-04-12 19:22 - 2015-04-12 19:22 - 00020262 _____ () C:\Users\Dadmar Petri\Desktop\Addition.txt 2015-04-12 19:21 - 2015-04-12 20:30 - 00016582 _____ () C:\Users\Dadmar Petri\Desktop\FRST.txt 2015-04-12 19:12 - 2015-04-12 19:12 - 01135616 _____ (Farbar) C:\Users\Dadmar Petri\Desktop\FRST.exe 2015-04-12 12:03 - 2015-04-12 12:06 - 00001022 _____ () C:\Windows\comsetup.log 2015-04-12 11:53 - 2015-04-12 11:53 - 00000000 ____D () C:\$WINDOWS.~LS 2015-04-12 11:51 - 2015-04-12 11:51 - 00000000 ____D () C:\$WINDOWS.~BT 2015-04-12 09:34 - 2015-04-12 09:34 - 00000632 _____ () C:\Users\Dadmar Petri\Desktop\JRT.txt 2015-04-12 09:20 - 2015-04-12 09:20 - 02686959 _____ (Thisisu) C:\Users\Dadmar Petri\Desktop\JRT.exe 2015-04-11 19:49 - 2015-04-11 19:49 - 40676944 _____ () C:\Users\Dadmar Petri\Desktop\Firefox_Setup_37.0.1.exe 2015-04-11 14:45 - 2015-04-11 14:45 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Avira 2015-04-11 14:41 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-11 14:38 - 2015-04-11 14:38 - 00001165 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-11 14:37 - 2015-04-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 14:34 - 2015-04-11 14:34 - 04625104 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dadmar Petri\Desktop\avira_de_av_5529133b5619d__wsm.exe 2015-04-11 14:24 - 2015-04-11 14:51 - 00000000 ____D () C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:24 - 105603488 _____ () C:\Users\Dadmar Petri\Downloads\avira-antivirus.exe 2015-04-11 14:24 - 2015-04-11 14:24 - 00000000 ____D () C:\Program Files\Assist Point 2015-04-11 13:45 - 2015-04-11 13:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAGMAR-Windows-7-Home-Premium-(32-bit).dat 2015-04-11 13:45 - 2015-04-11 13:45 - 00000000 ____D () C:\RegBackup 2015-04-11 11:50 - 2015-04-11 11:50 - 02217984 _____ () C:\Users\Dadmar Petri\Desktop\AdwCleaner_4.201.exe 2015-04-10 11:00 - 2015-04-10 11:00 - 00029620 _____ () C:\Users\Dadmar Petri\Downloads\Addition.txt 2015-04-10 10:59 - 2015-04-10 11:00 - 00038002 _____ () C:\Users\Dadmar Petri\Downloads\FRST.txt 2015-04-10 10:58 - 2015-04-12 20:30 - 00000000 ____D () C:\FRST 2015-04-10 10:57 - 2015-04-10 10:57 - 01135104 _____ (Farbar) C:\Users\Dadmar Petri\Downloads\FRST.exe 2015-04-09 15:39 - 2015-04-09 15:39 - 00000000 ____D () C:\Users\Dadmar Petri\Desktop\Malware 2015-04-09 12:05 - 2015-04-09 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(2).exe 2015-04-09 11:38 - 2015-04-09 11:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(1).exe 2015-04-09 11:19 - 2015-04-09 11:19 - 
00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 11:18 - 2015-04-09 11:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-08 09:35 - 2015-04-12 19:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimService 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-04-07 13:42 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-04-07 13:42 - 2015-04-07 17:51 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc 2015-04-01 00:59 - 2015-04-12 11:37 - 00002542 _____ () C:\Windows\diagwrn.xml 2015-04-01 00:59 - 2015-04-12 11:37 - 00001890 _____ () C:\Windows\diagerr.xml 2015-04-01 00:53 - 2015-04-01 00:53 - 00394480 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis(1).exe 2015-04-01 00:49 - 2015-04-01 00:49 - 00005168 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis.log 2015-04-01 00:47 - 2015-04-01 00:47 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Dadmar Petri\Downloads\HijackThis.exe 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\OkayFreedom 2015-03-31 23:09 - 2015-04-01 01:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos VPN 2015-03-31 23:09 - 2015-03-31 23:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos 2015-03-31 23:09 - 2015-03-31 23:09 - 00001031 _____ () C:\Users\Public\Desktop\OkayFreedom.lnk 2015-03-31 23:09 - 2015-03-31 23:09 - 00000000 ____D () C:\Program Files\Common Files\Steganos 2015-03-31 21:52 - 2015-04-12 19:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 21:52 - 2015-04-09 22:16 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 21:52 - 2015-04-09 22:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 21:52 - 2015-03-31 21:52 - 01055936 _____ (Adobe) C:\Users\Dadmar Petri\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe 2015-03-31 21:08 - 2015-03-31 21:08 - 00243576 _____ () C:\Users\Dadmar Petri\Downloads\Firefox Setup Stub 37.0.exe 2015-03-30 23:41 - 2015-03-31 21:45 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2 2015-03-30 23:41 - 2015-03-30 23:41 - 02062482 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb2setup.exe 2015-03-30 11:33 - 2015-03-31 21:45 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun506.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 01865951 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb1setup.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\UpdatusUser\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Hans Leo\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 
2015-03-30 11:33 - 00001907 _____ () C:\Users\Dadmar Petri\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2015-03-30 11:24 - 2015-03-30 11:24 - 00698138 _____ () C:\Users\Dadmar Petri\Downloads\bbo_shortcut.exe 2015-03-30 00:14 - 2015-03-20 15:27 - 25808896 _____ () C:\Users\Dadmar Petri\Documents\Büro_2015_24.03.15.mdb 2015-03-26 18:08 - 2015-03-26 18:08 - 00462552 _____ () C:\Windows\Minidump\032615-20139-01.dmp 2015-03-23 16:06 - 2015-03-26 17:15 - 00000000 ____D () C:\e79d95644af82acfec248548e1a8067b 2015-03-23 16:05 - 2015-03-23 16:09 - 373578968 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\office2007sp3-kb2526086-fullfile-de-de.exe 2015-03-23 16:05 - 2015-03-23 16:07 - 08676128 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows7UpgradeAdvisorSetup.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 40888512 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows-KB890830-V5.22.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 39074536 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\FileFormatConverters(1).exe 2015-03-23 13:57 - 2015-03-23 13:57 - 00462936 _____ () C:\Windows\Minidump\032315-32775-01.dmp 2015-03-23 12:24 - 2015-03-23 12:24 - 00031282 _____ () C:\Users\Dadmar Petri\Documents\Die Uhus.dotx 2015-03-23 10:50 - 2015-03-23 10:50 - 00463416 _____ () C:\Windows\Minidump\032315-21309-01.dmp 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-16 13:42 - 2015-03-16 13:42 - 00462864 _____ () C:\Windows\Minidump\031615-20280-01.dmp 2015-03-15 01:14 - 2015-03-15 01:14 - 00475440 _____ () C:\Windows\Minidump\031515-20030-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the 
file\folder will be moved.) 2015-04-12 19:33 - 2012-01-31 20:40 - 00000236 _____ () C:\Users\Dadmar Petri\Desktop\Bridge Base Online.url 2015-04-12 19:26 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-12 19:26 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-12 19:22 - 2014-11-19 16:32 - 01836315 _____ () C:\Windows\WindowsUpdate.log 2015-04-12 19:19 - 2014-11-20 15:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-04-12 19:19 - 2014-11-20 01:14 - 00001368 _____ () C:\Windows\Tasks\UTLKMTU.job 2015-04-12 19:19 - 2014-11-20 01:13 - 00001366 _____ () C:\Windows\Tasks\FUPWXF.job 2015-04-12 19:19 - 2014-11-19 22:59 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-12 19:19 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-12 19:19 - 2009-07-14 06:39 - 00001141 _____ () C:\Windows\setupact.log 2015-04-12 19:18 - 2014-11-19 23:40 - 00968790 _____ () C:\Windows\PFRO.log 2015-04-12 12:10 - 2009-07-14 06:34 - 00002526 _____ () C:\Windows\DtcInstall.log 2015-04-12 12:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-12 11:38 - 2014-11-19 17:52 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 11:37 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\ProgramData\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Program Files\Avira 2015-04-11 12:37 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-11 12:32 - 2015-01-03 13:51 - 00000000 ____D () C:\AdwCleaner 2015-04-10 10:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-04-09 22:16 - 2014-11-20 01:41 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Adobe 2015-04-08 19:56 - 2014-12-30 10:50 - 
00271360 _____ () C:\Users\Hans Leo\Documents\Kontakte.pst 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-04-08 09:59 - 2014-11-20 01:42 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-08 09:59 - 2014-11-20 00:09 - 00000000 ____D () C:\Users\Hans Leo 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-08 09:58 - 2014-11-21 11:08 - 00000000 ____D () C:\Users\Hans Leo\AppData\Local\Mozilla 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-08 09:58 - 2014-11-20 00:52 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Mozilla 2015-04-08 09:57 - 2014-01-18 12:16 - 00000000 __RHD () C:\MSOCache 2015-04-08 09:13 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri 2015-04-01 19:22 - 2014-11-20 13:46 - 00065464 _____ () C:\Users\Hans Leo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-01 00:54 - 2014-11-29 14:48 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\dlg 2015-04-01 00:48 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\VirtualStore 2015-03-31 22:11 - 2009-07-14 06:33 - 00303112 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 20:37 - 2014-11-19 23:59 - 00065464 _____ () C:\Users\Dadmar Petri\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 20:14 - 2014-11-23 20:04 - 00000000 ____D () C:\Users\Dadmar Petri\Documents\DIE UHUS 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-31 19:17 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-03-29 20:54 - 2015-01-12 20:57 - 00000000 ____D () C:\Windows\pss 2015-03-29 20:11 - 2015-01-02 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-29 09:03 - 2015-01-02 13:42 - 00000000 ____D () C:\Program Files\Bonjour 2015-03-28 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-26 18:08 - 
2015-01-03 16:50 - 321192056 _____ () C:\Windows\MEMORY.DMP 2015-03-26 18:08 - 2015-01-03 16:50 - 00000000 ____D () C:\Windows\Minidump 2015-03-26 17:15 - 2015-01-03 16:48 - 00000000 ____D () C:\NVIDIA 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-26 17:15 - 2014-11-28 23:40 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Dadmar Petri\AppData\Roaming\FUPWXF 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Dadmar Petri\AppData\Roaming\UTLKMTU 2014-12-20 10:45 - 2014-12-20 10:45 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dadmar Petri\AppData\Local\Temp\AskSLib.dll C:\Users\Dadmar Petri\AppData\Local\Temp\avgnt.exe C:\Users\Dadmar Petri\AppData\Local\Temp\BackupSetup.exe C:\Users\Dadmar Petri\AppData\Local\Temp\MSNEE75.exe C:\Users\Dadmar Petri\AppData\Local\Temp\ose00000.exe C:\Users\Dadmar Petri\AppData\Local\Temp\Quarantine.exe C:\Users\Dadmar Petri\AppData\Local\Temp\setup_337.exe C:\Users\Dadmar Petri\AppData\Local\Temp\sqlite3.dll C:\Users\Dadmar Petri\AppData\Local\Temp\vcredist_x86.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is3FAE.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is8574.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is9A89.exe C:\Users\Hans Leo\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 10:42 |
13.04.2015, 09:50 | #18 |
/// the machine /// TB-Ausbilder | On startup the message appears: The exception "unknown software exception" (0 And the ESET online scan and Securitycheck???
__________________ |
13.04.2015, 15:56 | #19 |
| On startup the message appears: The exception "unknown software exception" (0 I downloaded the Esetsmart installer as instructed and ran a scan following the illustrated instructions. It ran to about 50 %, then nothing moved any further. I uninstalled Eset and installed it again from the site. Then the message comes up that my computer has already been scanned and that only the files still needed will be downloaded. Then it scanned up to 5 % and again did not continue. What should I do? daggimaus |
14.04.2015, 06:31 | #20 |
/// the machine /// TB-Ausbilder | Skip ESET and do this instead: Please download Emsisoft Emergency Kit from here.
__________________ Regards, schrauber |
14.04.2015, 08:48 | #21 |
| Hello, I did that. The scan started and now, at 50 %, it does not continue. The same phenomenon as with the other program. Regards, daggimaus Hello, what is this? I had not closed the program yet, and when I went on the Internet to this page and came back, the program continued running. Now I will wait and see. Regards, daggimaus |
14.04.2015, 16:50 | #22 |
/// the machine /// TB-Ausbilder | mysterious
__________________ Regards, schrauber |
14.04.2015, 19:43 | #23 |
| Scan result of Emsisoft Emergency Kit Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0 Letztes Update: 14.04.2015 09:33:39 Benutzerkonto: DAGMAR\Dadmar Petri Scan-Einstellungen: Scan Methode: Detail-Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\ PUPs-Erkennung: An Archiv-Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 14.04.2015 17:36:52 C:\Users\DADMAR~1\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A) C:\Users\DADMAR~1\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A) C:\Program Files\DriverUpdate gefunden: Application.InstallDrive (A) C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc\DriverUpdate gefunden: Application.InstallDrive (A) Value: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A) Key: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5} gefunden: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5} gefunden: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5} gefunden: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\SMARTBAR gefunden: Application.InstallAd (A) C:\AdwCleaner\Quarantine\C\Program Files\CinemaxMe-version2.0\24852ac1-7ce1-47a1-be11-fd5c12287df3.crx.vir -> extensionData/plugins/281.js gefunden: Adware.JS.Agent.AC (B) C:\AdwCleaner\Quarantine\C\Program 
Files\CinemaxMe-version2.0\24852ac1-7ce1-47a1-be11-fd5c12287df3.xpi.vir -> extensionData/plugins/281.js gefunden: Adware.JS.Agent.AC (B) C:\AdwCleaner\Quarantine\C\Program Files\CinemaxMe-version2.0\f2106091-a987-4e9e-af5a-faeea27b387e.crx.vir -> extensionData/plugins/281.js gefunden: Adware.JS.Agent.AC (B) C:\AdwCleaner\Quarantine\C\Program Files\CinemaxMe-version2.0\utils.exe.vir -> (NSIS o) -> lzma_solid_nsis0004 gefunden: Gen:Application.Parj.1 (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPtool.dll.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir -> (NSIS o) -> lzma_solid_nsis0002 gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir -> (NSIS o) -> lzma_solid_nsis0004 -> (NSIS o) -> zlib_nsis0000 gefunden: Application.SearchProtect.R (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPtool64.exe.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\VC32.dll.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\VC64.dll.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir gefunden: Adware.SearchProtect.U (B) C:\AdwCleaner\Quarantine\C\Users\Dadmar Petri\AppData\Local\clicup\chrmndr.exe.vir gefunden: 
Adware.Cyclon.A (B) C:\AdwCleaner\Quarantine\C\Users\Dadmar Petri\AppData\Local\clicup\ClicupHome.exe.vir -> (RAR Sfx o) -> chrmndr.exe gefunden: Adware.Cyclon.A (B) C:\AdwCleaner\Quarantine\C\Users\Dadmar Petri\AppData\Local\clicup\ClicupHome.exe.vir -> (RAR Sfx o) -> toast.exe gefunden: Adware.Cyclon.A (B) C:\AdwCleaner\Quarantine\C\Users\Dadmar Petri\AppData\Local\clicup\toast.exe.vir gefunden: Adware.Cyclon.A (B) C:\AdwCleaner\Quarantine\C\Users\Dadmar Petri\AppData\Local\StormWatch\StormWatchBrowser.exe.vir gefunden: Application.Win32.AdWatch (A) C:\AdwCleaner\Quarantine\C\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\d1bpz2dw.default-1394125433030\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js.vir gefunden: Trojan.JS.Agent.JMG (B) C:\AdwCleaner\Quarantine\C\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\rz7o2274.default-1403122915722\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js.vir gefunden: Trojan.JS.Agent.JMG (B) C:\AdwCleaner\Quarantine\C\Users\Dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\sowx4lyk.default-1392247579485\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js.vir gefunden: Trojan.JS.Agent.JMG (B) C:\AdwCleaner\Quarantine\C\Users\Dagmar\AppData\Roaming\okitspace\IE\OkitSpace.dll.vir gefunden: Adware.Agent.NZG (B) C:\AdwCleaner\Quarantine\C\Users\Dagmar\AppData\Roaming\okitspace\protect\files\OKitSpace.dll.vir gefunden: Adware.Agent.NZG (B) C:\AdwCleaner\Quarantine\C\Users\Hans Leo.Dagmar-PC\AppData\Roaming\Mozilla\Firefox\Profiles\nrh2betl.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js.vir gefunden: Trojan.JS.Agent.JMG (B) C:\ProgramData\Avira\Antivirus\INFECTED\0a498d8f.qua -> (Quarantine-8) gefunden: Adware.BrowseFox.CQ (B) C:\ProgramData\Avira\Antivirus\INFECTED\14a6b4f3.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Kazy.566748 (B) C:\ProgramData\Avira\Antivirus\INFECTED\4270e8f4.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Kazy.566748 (B) 
C:\ProgramData\Avira\Antivirus\INFECTED\45ffa92c.qua -> (Quarantine-8) gefunden: Adware.BrowseFox.CQ (B) C:\ProgramData\Avira\Antivirus\INFECTED\46f1af4a.qua -> (Quarantine-8) gefunden: Adware.BrowseFox.CQ (B) C:\ProgramData\Avira\Antivirus\INFECTED\5b18e907.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Kazy.566748 (B) C:\ProgramData\Avira\Antivirus\INFECTED\7642fdca.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Kazy.566748 (B) C:\temp\t.msi -> (Embedded CAB) -> CustomActionInstall gefunden: Application.Generic.1163133 (B) C:\temp\t.msi -> (Embedded CAB) -> IEOptimizer64.dll gefunden: Application.Generic.1063474 (B) C:\temp\t.msi -> (Embedded EXE) gefunden: Application.Generic.1163133 (B) C:\Users\Dadmar Petri\AppData\Local\Temp\4EA4tmp\setup.exe -> (NSIS o) -> bzip2_solid_nsis0002 gefunden: Trojan.Generic.12210195 (B) C:\Users\Dadmar Petri\AppData\Local\Temp\D197tmp\lly_omiga-plus.exe gefunden: Gen:Application.Elex.1 (B) C:\Users\Dadmar Petri\AppData\Local\Temp\D199tmp\setup.exe -> (NSIS o) -> bzip2_solid_nsis0002 gefunden: Trojan.Generic.12210195 (B) C:\Users\Dadmar Petri\AppData\Local\Temp\n7531\clicup_1211-047e07e1.exe -> (NSIS o) -> lzma_nsis0002 -> (RAR Sfx o) -> chrmndr.exe gefunden: Adware.Cyclon.A (B) C:\Users\Dadmar Petri\AppData\Local\Temp\n7531\clicup_1211-047e07e1.exe -> (NSIS o) -> lzma_nsis0002 -> (RAR Sfx o) -> toast.exe gefunden: Adware.Cyclon.A (B) C:\Users\Dadmar Petri\AppData\Local\Temp\n7531\clicup_1211-047e07e1.exe -> (NSIS o) -> lzma_nsis0005 gefunden: Adware.Cyclon.A (B) C:\Users\Dadmar Petri\AppData\Local\Temp\n7531\WIE_2.18.1.8.exe -> (NSIS o) -> lzma_solid_nsis0040 gefunden: Trojan.Generic.12956360 (B) C:\Users\Dadmar Petri\AppData\Local\Temp\n7531\WIE_2.18.1.8.exe -> (NSIS o) -> lzma_solid_nsis0051 gefunden: Gen:Variant.Adware.Graftor.173564 (B) C:\Users\Dadmar Petri\AppData\Roaming\FUPWXF -> background.js gefunden: Trojan.Script.Agent.FA (B) C:\Users\Dadmar Petri\AppData\Roaming\UTLKMTU -> content/overlay.js gefunden: 
Adware.JS.Mplug.A (B) C:\Users\Dagmar\AppData\Roaming\nationzoom\UpDate.dll gefunden: Application.Win32.InstallTech (A) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (BMP) gefunden: Exploit.CVE-2013-2729.Gen (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT) gefunden: Exploit.JS.PDF.FJ (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT-COMPILATION) gefunden: Exploit.JS.PDF.FJ (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 14) -> [Subject: Proof of Delivery Report: 05/05/14][Date: Mon, 5 May 2014 18:58:14 +0000] -> (MIME part) -> pod report 05.05.2014-35506035.zip -> pod report 05.05.2014-11902101.exe gefunden: Gen:Variant.Kazy.377287 (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 0) -> [Subject: Proof of Delivery Report: 05/05/14][Date: Mon, 5 May 2014 18:58:14 +0000] -> (MIME part) -> pod report 05.05.2014-35506035.zip -> pod report 05.05.2014-11902101.exe gefunden: Gen:Variant.Kazy.377287 (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (BMP) gefunden: Exploit.CVE-2013-2729.Gen (B) 
C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT) gefunden: Exploit.JS.PDF.FJ (B) C:\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT-COMPILATION) gefunden: Exploit.JS.PDF.FJ (B) C:\Windows.old\Program Files\Feven Pro\Uninstall.exe gefunden: Gen:Application.Heur.eqW@lmCdLZai (B) C:\Windows.old\Program Files\MediaPlayerEnhance\Uninstall.exe gefunden: Gen:Application.Heur.fqX@l4ngO8mi (B) C:\Windows.old\Program Files\MediaPlayerEnhance\utils.exe gefunden: Application.Win32.InstallTool (A) C:\Windows.old\Program Files\Plus-HD-7.2\Uninstall.exe gefunden: Gen:Application.Heur.eqX@lGoUhqbi (B) C:\Windows.old\Program Files\SavingsBull\bootstrap.js gefunden: Adware.Adpeak.L (B) C:\Windows.old\Program Files\SavingsBull\IEOptimizer64.dll gefunden: Application.Generic.1063474 (B) C:\Windows.old\Program Files\Uninstaller\Uninstall.exe gefunden: Application.InstallAd (A) C:\Windows.old\Program Files\Web Protect\PCCertInstaller.dll gefunden: Gen:Adware.WebProtect.1 (B) C:\Windows.old\Program Files\Web Protect\PCProtect.dll gefunden: Adware.Agent.NXW (B) C:\Windows.old\Program Files\Web Protect\pcwatch.sys gefunden: Gen:Adware.WebProtect.1 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\0ccf6f8c.qua -> (Quarantine-8) gefunden: Gen:Variant.Zusy.107504 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\1285838d.qua -> (Quarantine-8) gefunden: Application.Generic.1016044 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\15f193cc.qua -> (Quarantine-8) gefunden: Application.Bundler.DomaIQ.Q (B) 
C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\183cf449.qua -> (Quarantine-8) gefunden: Adware.Agent.NXR (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\1ce314f5.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Graftor.141873 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\2b67aa43.qua -> (Quarantine-8) gefunden: Trojan.Generic.12752903 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\3087d101.qua -> (Quarantine-8) gefunden: Application.Generic.872997 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\3a30842b.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\3f504ec3.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Graftor.141873 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\4227848d.qua -> (Quarantine-8) gefunden: Application.Bundler.HG (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\42c08ece.qua -> (Quarantine-8) gefunden: Application.Generic.961669 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\4516a914.qua -> (Quarantine-8) gefunden: Adware.Agent.OFO (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\47907f77.qua -> (Quarantine-8) gefunden: Adware.Agent.ODG (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\4967408d.qua -> (Quarantine-8) gefunden: Adware.Agent.ODG (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\4a639eab.qua -> (Quarantine-8) gefunden: Adware.Agent.NXR (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\4eef3938.qua -> (Quarantine-8) gefunden: Gen:Variant.Zusy.107504 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\50d34775.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 0) gefunden: Trojan.GenericKD.1698677 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\50e940f6.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 0) gefunden: Trojan.GenericKD.1698677 (B) 
C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\5133cf01.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 0) gefunden: Trojan.GenericKD.1698677 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\515e7568.qua -> (Quarantine-8) gefunden: Trojan.GenericKD.2188191 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\51f061a6.qua -> (Quarantine-8) gefunden: Adware.Agent.ODG (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\5275f454.qua -> (Quarantine-8) gefunden: Gen:Variant.Application.Bundler.5 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\52f48b90.qua -> (Quarantine-8) gefunden: Adware.Agent.NXR (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\539c383c.qua -> (Quarantine-8) gefunden: Adware.Adpeak.K (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\54042667.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\544bf8dc.qua -> (Quarantine-8) -> (NSIS o) -> lzma_solid_nsis0007 gefunden: Gen:Variant.Adware.Graftor.133169 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\546c7290.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\547039ba.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\547f9d98.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\548599ed.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\552eaf71.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\55361020.qua -> (Quarantine-8) gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\55814f5c.qua -> (Quarantine-8) gefunden: 
Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\55dcbcc8.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\5617cfb0.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\56781863.qua -> (Quarantine-8) gefunden: Gen:Variant.Zusy.107504 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\567c7aa1.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\56b5f4a9.qua -> (Quarantine-8) gefunden: Trojan.Generic.11625666 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\5fe9d4fc.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\6647f433.qua -> (Quarantine-8) gefunden: Adware.Generic.1178286 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\6e41f514.qua -> (Quarantine-8) gefunden: Adware.Generic.1068408 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\79c8f391.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.NewNextMe.1 (B) C:\Windows.old\ProgramData\Avira\AntiVir Desktop\INFECTED\7ad455bb.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Graftor.141873 (B) C:\Windows.old\ProgramData\WPM\wprotectmanager.exe gefunden: Adware.WProtManager.A (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\nationzoom\UpDate.dll gefunden: Application.Win32.InstallTech (A) C:\Windows.old\Users\Dagmar\AppData\Roaming\okitspace\IE\OkitSpace.dll gefunden: Adware.Agent.NZG (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\okitspace\protect\files\OKitSpace.dll gefunden: Adware.Agent.NZG (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> 
(BMP) gefunden: Exploit.CVE-2013-2729.Gen (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT) gefunden: Exploit.JS.PDF.FJ (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 0) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT-COMPILATION) gefunden: Exploit.JS.PDF.FJ (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\INBOX -> (message 14) -> [Subject: Proof of Delivery Report: 05/05/14][Date: Mon, 5 May 2014 18:58:14 +0000] -> (MIME part) -> pod report 05.05.2014-35506035.zip -> pod report 05.05.2014-11902101.exe gefunden: Gen:Variant.Kazy.377287 (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 0) -> [Subject: Proof of Delivery Report: 05/05/14][Date: Mon, 5 May 2014 18:58:14 +0000] -> (MIME part) -> pod report 05.05.2014-35506035.zip -> pod report 05.05.2014-11902101.exe gefunden: Gen:Variant.Kazy.377287 (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (BMP) gefunden: Exploit.CVE-2013-2729.Gen (B) C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT) gefunden: Exploit.JS.PDF.FJ (B) 
C:\Windows.old\Users\Dagmar\AppData\Roaming\Thunderbird\Profiles\dkum7ocy.default\ImapMail\imap.unitybox.de\Trash -> (message 5) -> [Subject: Invoice 787016 April][Date: Tue, 6 May 2014 12:55:45 +0530] -> (MIME part) -> (MIME part) -> April invoice 717334.pdf -> (JAVASCRIPT-COMPILATION) gefunden: Exploit.JS.PDF.FJ (B) C:\Windows.old\Windows\Installer\116ee.msi -> (Embedded CAB) -> CustomActionInstall gefunden: Application.Generic.1163133 (B) C:\Windows.old\Windows\Installer\116ee.msi -> (Embedded CAB) -> IEOptimizer64.dll gefunden: Application.Generic.1063474 (B) C:\Windows.old\Windows\Installer\116ee.msi -> (Embedded EXE) gefunden: Application.Generic.1163133 (B) C:\Windows.old\Windows\System32\PCProtect.dll gefunden: Adware.Agent.NXW (B) Gescannt 479079 Gefunden 134 Scan-Ende: 14.04.2015 20:08:04 Scan-Zeit: 2:31:12 Code:
ATTFilter
Results of screen317's Security Check version 1.00
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.134
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2015 Ran by Dadmar Petri (administrator) on DAGMAR on 14-04-2015 20:40:01 Running from C:\Users\Dadmar Petri\Downloads Loaded Profiles: Dadmar Petri & Hans Leo & UpdatusUser (Available profiles: Dadmar Petri & Hans Leo & UpdatusUser) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe () C:\Users\Dadmar Petri\Desktop\SecurityCheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-11] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH) HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [InetStat] => C:\Users\Hans Leo\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [clicup-Agent] => C:\Users\Hans Leo\AppData\Local\clicup\chrmndr.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe Startup: C:\Users\Hans Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) BootExecute: autocheck autochk * C:\Windows\system32\eamclean.exe \??\C:\Windows\system32\eamclean.dat eamcleanC:\Windows\system32\eamclean.exe 
\??\C:\Windows\system32\eamclean.dat eamcleanC:\Windows\system32\eamclean.exe \??\C:\Windows\system32\eamclean.dat eamclean ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp 
HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSHw,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> 
{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-31] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29] CHR Extension: (YouTube) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (Avira Browser Safety) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Gmail) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-11] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-04-14] (Emsisoft GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG) R3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-04-14] (Emsisoft GmbH) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-08-27] (NXP Semiconductors Germany GmbH) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 20:39 - 2015-04-14 20:39 - 00000000 ____D () C:\Users\Dadmar Petri\Downloads\FRST-OlderVersion 2015-04-14 20:12 - 2015-04-14 20:12 - 00072704 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe 2015-04-14 20:12 - 2015-04-14 20:12 - 00000386 _____ () C:\Windows\system32\eamclean.dat 2015-04-14 15:30 - 2015-04-14 15:30 - 00466488 _____ () C:\Windows\Minidump\041415-36629-01.dmp 2015-04-14 12:24 - 2015-04-14 12:24 - 00465824 _____ () C:\Windows\Minidump\041415-22432-01.dmp 2015-04-14 09:26 - 2015-04-14 17:36 - 00000000 ____D () C:\EEK 2015-04-13 16:42 - 2015-04-13 16:42 - 00852616 _____ () C:\Users\Dadmar Petri\Desktop\SecurityCheck.exe 2015-04-12 19:31 - 2015-04-12 19:31 - 00243656 _____ () C:\Users\Dadmar Petri\Desktop\Firefox Setup Stub 37.0.1.exe 2015-04-12 19:21 - 2015-04-12 20:31 - 00032041 _____ () C:\Users\Dadmar Petri\Desktop\FRST.txt 2015-04-12 12:03 - 2015-04-12 12:06 - 00001022 _____ () C:\Windows\comsetup.log 2015-04-12 11:53 - 2015-04-12 11:53 - 00000000 ____D () C:\$WINDOWS.~LS 2015-04-12 11:51 - 2015-04-12 11:51 - 00000000 ____D () C:\$WINDOWS.~BT 2015-04-11 19:49 - 2015-04-11 19:49 - 40676944 _____ () C:\Users\Dadmar Petri\Desktop\Firefox_Setup_37.0.1.exe 2015-04-11 14:45 - 2015-04-11 14:45 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Avira 2015-04-11 14:41 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037896 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-11 14:38 - 2015-04-11 14:38 - 00001165 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-11 14:37 - 2015-04-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 14:34 - 2015-04-11 14:34 - 04625104 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dadmar Petri\Desktop\avira_de_av_5529133b5619d__wsm.exe 2015-04-11 14:24 - 2015-04-11 14:51 - 00000000 ____D () C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:24 - 105603488 _____ () C:\Users\Dadmar Petri\Downloads\avira-antivirus.exe 2015-04-11 13:45 - 2015-04-11 13:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAGMAR-Windows-7-Home-Premium-(32-bit).dat 2015-04-11 13:45 - 2015-04-11 13:45 - 00000000 ____D () C:\RegBackup 2015-04-10 11:00 - 2015-04-10 11:00 - 00029620 _____ () C:\Users\Dadmar Petri\Downloads\Addition.txt 2015-04-10 10:59 - 2015-04-14 20:40 - 00015740 _____ () C:\Users\Dadmar Petri\Downloads\FRST.txt 2015-04-10 10:58 - 2015-04-14 20:40 - 00000000 ____D () C:\FRST 2015-04-10 10:57 - 2015-04-14 20:39 - 01135616 _____ (Farbar) C:\Users\Dadmar Petri\Downloads\FRST.exe 2015-04-09 12:05 - 2015-04-09 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(2).exe 2015-04-09 11:38 - 2015-04-09 11:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(1).exe 2015-04-09 11:19 - 2015-04-09 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 11:18 - 2015-04-09 11:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar 
Petri\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-08 09:35 - 2015-04-13 23:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimService 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-04-07 13:42 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-04-07 13:42 - 2015-04-07 17:51 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc 2015-04-01 00:59 - 2015-04-12 11:37 - 00002542 _____ () C:\Windows\diagwrn.xml 2015-04-01 00:59 - 2015-04-12 11:37 - 00001890 _____ () C:\Windows\diagerr.xml 2015-04-01 00:49 - 2015-04-01 00:49 - 00005168 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis.log 2015-04-01 00:47 - 2015-04-01 00:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dadmar Petri\Downloads\HijackThis.exe 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\OkayFreedom 2015-03-31 23:09 - 2015-04-01 01:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos VPN 2015-03-31 23:09 - 2015-03-31 23:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos 2015-03-31 23:09 - 2015-03-31 23:09 - 00001031 _____ () C:\Users\Public\Desktop\OkayFreedom.lnk 2015-03-31 23:09 - 2015-03-31 23:09 - 00000000 ____D () C:\Program Files\Common Files\Steganos 2015-03-31 21:52 - 2015-04-14 19:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 21:52 - 2015-04-09 22:16 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 21:52 - 2015-04-09 22:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 21:52 - 2015-03-31 21:52 - 01055936 _____ (Adobe) 
C:\Users\Dadmar Petri\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe 2015-03-31 21:08 - 2015-03-31 21:08 - 00243576 _____ () C:\Users\Dadmar Petri\Downloads\Firefox Setup Stub 37.0.exe 2015-03-30 23:41 - 2015-03-31 21:45 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2 2015-03-30 23:41 - 2015-03-30 23:41 - 02062482 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb2setup.exe 2015-03-30 11:33 - 2015-03-31 21:45 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun506.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 01865951 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb1setup.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\UpdatusUser\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Hans Leo\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Dadmar Petri\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2015-03-30 11:24 - 2015-03-30 11:24 - 00698138 _____ () C:\Users\Dadmar Petri\Downloads\bbo_shortcut.exe 2015-03-30 00:14 - 2015-03-20 15:27 - 25808896 _____ () C:\Users\Dadmar Petri\Documents\Büro_2015_24.03.15.mdb 2015-03-26 18:08 - 2015-03-26 18:08 - 00462552 _____ () C:\Windows\Minidump\032615-20139-01.dmp 2015-03-23 16:06 - 2015-03-26 17:15 - 00000000 ____D () C:\e79d95644af82acfec248548e1a8067b 2015-03-23 16:05 - 2015-03-23 16:09 - 373578968 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\office2007sp3-kb2526086-fullfile-de-de.exe 2015-03-23 16:05 - 2015-03-23 16:07 - 08676128 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows7UpgradeAdvisorSetup.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 40888512 _____ 
(Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows-KB890830-V5.22.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 39074536 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\FileFormatConverters(1).exe 2015-03-23 13:57 - 2015-03-23 13:57 - 00462936 _____ () C:\Windows\Minidump\032315-32775-01.dmp 2015-03-23 12:24 - 2015-03-23 12:24 - 00031282 _____ () C:\Users\Dadmar Petri\Documents\Die Uhus.dotx 2015-03-23 10:50 - 2015-03-23 10:50 - 00463416 _____ () C:\Windows\Minidump\032315-21309-01.dmp 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-16 13:42 - 2015-03-16 13:42 - 00462864 _____ () C:\Windows\Minidump\031615-20280-01.dmp 2015-03-15 01:14 - 2015-03-15 01:14 - 00475440 _____ () C:\Windows\Minidump\031515-20030-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 20:12 - 2014-01-31 13:38 - 00000000 ____D () C:\temp 2015-04-14 20:12 - 2014-01-18 21:01 - 00000000 ____D () C:\Users\Dagmar\AppData\Roaming\nationzoom 2015-04-14 19:54 - 2014-11-19 16:32 - 01938378 _____ () C:\Windows\WindowsUpdate.log 2015-04-14 17:06 - 2014-11-20 01:14 - 00001368 _____ () C:\Windows\Tasks\UTLKMTU.job 2015-04-14 17:06 - 2014-11-20 01:13 - 00001366 _____ () C:\Windows\Tasks\FUPWXF.job 2015-04-14 17:06 - 2014-11-19 22:59 - 00000430 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-14 15:38 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-14 15:38 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-14 15:30 - 2015-01-03 16:50 - 385888152 _____ () C:\Windows\MEMORY.DMP 2015-04-14 15:30 - 2015-01-03 16:50 - 00000000 ____D () C:\Windows\Minidump 2015-04-14 15:30 - 2014-11-20 15:28 - 00065536 _____ () 
C:\Windows\system32\Ikeext.etl 2015-04-14 15:30 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-14 15:30 - 2009-07-14 06:39 - 00001589 _____ () C:\Windows\setupact.log 2015-04-13 23:02 - 2014-11-19 23:40 - 00969864 _____ () C:\Windows\PFRO.log 2015-04-13 20:20 - 2014-12-30 10:50 - 00271360 _____ () C:\Users\Hans Leo\Documents\Kontakte.pst 2015-04-13 20:19 - 2014-11-23 20:04 - 00000000 ____D () C:\Users\Dadmar Petri\Documents\DIE UHUS 2015-04-13 11:47 - 2014-11-19 17:52 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 19:33 - 2012-01-31 20:40 - 00000236 _____ () C:\Users\Dadmar Petri\Desktop\Bridge Base Online.url 2015-04-12 12:10 - 2009-07-14 06:34 - 00002526 _____ () C:\Windows\DtcInstall.log 2015-04-12 12:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-12 11:37 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\ProgramData\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Program Files\Avira 2015-04-11 12:37 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-11 12:32 - 2015-01-03 13:51 - 00000000 ____D () C:\AdwCleaner 2015-04-10 10:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-04-09 22:16 - 2014-11-20 01:41 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Adobe 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-04-08 09:59 - 2014-11-20 01:42 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-08 09:59 - 2014-11-20 00:09 - 00000000 ____D () C:\Users\Hans Leo 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-08 09:58 - 2014-11-21 11:08 - 00000000 ____D () C:\Users\Hans Leo\AppData\Local\Mozilla 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-08 09:58 - 
2014-11-20 00:52 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Mozilla 2015-04-08 09:57 - 2014-01-18 12:16 - 00000000 __RHD () C:\MSOCache 2015-04-08 09:13 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri 2015-04-01 19:22 - 2014-11-20 13:46 - 00065464 _____ () C:\Users\Hans Leo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-01 00:54 - 2014-11-29 14:48 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\dlg 2015-04-01 00:48 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\VirtualStore 2015-03-31 22:11 - 2009-07-14 06:33 - 00303112 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 20:37 - 2014-11-19 23:59 - 00065464 _____ () C:\Users\Dadmar Petri\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-31 19:17 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-03-29 20:54 - 2015-01-12 20:57 - 00000000 ____D () C:\Windows\pss 2015-03-29 20:11 - 2015-01-02 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-29 09:03 - 2015-01-02 13:42 - 00000000 ____D () C:\Program Files\Bonjour 2015-03-28 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-26 17:15 - 2015-01-03 16:48 - 00000000 ____D () C:\NVIDIA 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-26 17:15 - 2014-11-28 23:40 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor ==================== Files in the root of some directories ======= 2014-12-20 10:45 - 2014-12-20 10:45 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dadmar Petri\AppData\Local\Temp\AskSLib.dll C:\Users\Dadmar Petri\AppData\Local\Temp\avgnt.exe C:\Users\Dadmar Petri\AppData\Local\Temp\BackupSetup.exe C:\Users\Dadmar 
Petri\AppData\Local\Temp\MSNEE75.exe C:\Users\Dadmar Petri\AppData\Local\Temp\ose00000.exe C:\Users\Dadmar Petri\AppData\Local\Temp\Quarantine.exe C:\Users\Dadmar Petri\AppData\Local\Temp\setup_337.exe C:\Users\Dadmar Petri\AppData\Local\Temp\sqlite3.dll C:\Users\Dadmar Petri\AppData\Local\Temp\vcredist_x86.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is3FAE.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is8574.exe C:\Users\Dadmar Petri\AppData\Local\Temp\_is9A89.exe C:\Users\Hans Leo\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 16:00 ==================== End Of Log ============================ --- --- --- |
15.04.2015, 10:55 | #24 |
/// the machine /// TB Trainer | Have the EEK detections deleted as well. Delete the Windows.old folder completely. Update Windows; 4 years of updates are missing, including Service Pack 1.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
16.04.2015, 16:35 | #25 |
| Hello, the Windows old folder cannot be deleted. Every time, I get the message that the file is currently in "use". I have already tried it in safe mode, but that does not work either. All of this is slowly getting on my nerves. What else can I do? Maybe delete the folder in DOS mode? What do I have to type to get into that mode? Thanks for the help. Regards, daggimaus |
16.04.2015, 21:44 | #26 |
/// the machine /// TB Trainer | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter CloseProcesses: HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [InetStat] => C:\Users\Hans Leo\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [clicup-Agent] => C:\Users\Hans Leo\AppData\Local\clicup\chrmndr.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe C:\Users\Hans Leo\AppData\Roaming\InetStat C:\Users\Hans Leo\AppData\Local\clicup HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 
HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSHw,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program 
Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx C:\Windows.old Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
17.04.2015, 08:39 | #27 |
| Here is the requested log file. I use Mozilla Firefox. Every time I go online with it, I have to confirm that I have administrator rights and have to open it that way. Is that how it is now? I have already deleted the program twice and reinstalled it, but nothing changes. What is this now? Or is this the new version of Mozilla Firefox? That surely cannot be it. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04 Ran by Dadmar Petri (administrator) on DAGMAR on 17-04-2015 09:32:43 Running from C:\Users\Dadmar Petri\Documents\Downloads Loaded Profiles: Dadmar Petri & UpdatusUser (Available profiles: Dadmar Petri & Hans Leo & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (IObit) C:\Program Files\IObit\Smart Defrag 4\SmartDefrag.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe (IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Farbar) C:\Users\Dadmar Petri\Documents\Downloads\FRST(2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-11] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit) HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe Startup: C:\Users\Hans Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-15] (IObit) BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit) Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-15] (IObit) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer FF Homepage: spiegel-online.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qid9w6ga.Dagmar\user.js [2015-04-15] FF user.js: detected! => C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer\user.js [2015-04-15] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qid9w6ga.Dagmar\Extensions\iobitascsurfingprotection@iobit.com [2015-04-15] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer\Extensions\iobitascsurfingprotection@iobit.com [2015-04-15] FF Extension: Adblock Plus - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-14] FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (YouTube) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (Avira Browser Safety) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Gmail) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-11] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. 
KG) R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2015-03-25] (IObit) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-04-15] (REALiX(tm)) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-08-27] (NXP Semiconductors Germany GmbH) R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2015-03-25] (IObit.com) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2015-03-25] (IObit.com) S1 A2DDA; \??\C:\EEK\bin\a2ddax86.sys [X] S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-16 12:20 - 2015-04-16 12:20 - 00000000 ____D () C:\Users\Hans Leo\AppData\Roaming\Avira 2015-04-16 12:14 - 2015-04-16 12:14 - 00000000 ____D () C:\Users\Hans Leo\AppData\Roaming\IObit 2015-04-15 19:55 - 2015-04-17 08:51 - 00001288 _____ () C:\Windows\setupact.log 2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-15 19:54 - 2015-04-15 19:54 - 00001028 _____ () C:\Windows\PFRO.log 2015-04-15 19:35 - 2015-04-15 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter 2015-04-15 19:19 - 2014-06-04 15:17 - 00031008 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2015-04-15 19:18 - 2015-04-15 19:18 - 00001128 _____ () C:\Users\Public\Desktop\Smart Defrag 4.lnk 2015-04-15 19:18 - 2015-04-15 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4 2015-04-15 19:18 - 2015-01-10 15:32 - 00109856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll 2015-04-15 19:18 - 2014-06-04 15:17 - 00018624 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2015-04-15 19:12 - 2015-04-17 08:51 - 00000286 _____ () C:\Windows\Tasks\Driver Booster Update.job 2015-04-15 19:12 - 2015-04-17 08:51 - 00000284 _____ () C:\Windows\Tasks\Driver Booster Scan.job 2015-04-15 19:12 - 2015-04-15 19:12 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS 2015-04-15 19:12 - 2015-04-15 19:12 - 00001198 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk 2015-04-15 19:12 - 2015-04-15 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2 2015-04-15 19:02 - 2015-04-17 08:51 - 00000294 _____ () C:\Windows\Tasks\ASC8_PerformanceMonitor.job 2015-04-15 19:01 - 2015-04-15 19:35 - 00001131 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk 2015-04-15 19:01 - 2015-04-15 19:01 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\ProductData 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 
____D () C:\Users\All Users\ProductData 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 ____D () C:\Users\All Users\IObit 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 ____D () C:\ProgramData\ProductData 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 ____D () C:\ProgramData\IObit 2015-04-15 19:00 - 2015-04-15 19:38 - 00000000 ____D () C:\Users\All Users\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-04-15 19:00 - 2015-04-15 19:38 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-04-15 19:00 - 2015-04-15 19:18 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\IObit 2015-04-15 19:00 - 2015-04-15 19:18 - 00000000 ____D () C:\Program Files\IObit 2015-04-15 19:00 - 2015-04-15 19:11 - 00002127 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk 2015-04-15 19:00 - 2015-04-15 19:00 - 00001186 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk 2015-04-15 19:00 - 2015-04-15 19:00 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2015-04-15 19:00 - 2015-04-15 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-04-15 19:00 - 2015-04-15 19:00 - 00000000 ____D () C:\Program Files\Common Files\IObit 2015-04-14 21:08 - 2015-04-14 21:08 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-14 21:08 - 2015-04-14 21:08 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-14 21:08 - 2015-04-14 21:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-14 20:52 - 2015-04-14 20:52 - 00008242 _____ () C:\EamClean.log 2015-04-14 20:49 - 2015-04-14 20:50 - 01795729 _____ (Medion) C:\Users\Dadmar Petri\Downloads\fwupt50n.exe 2015-04-14 20:39 - 2015-04-14 20:39 - 00000000 ____D () C:\Users\Dadmar Petri\Downloads\FRST-OlderVersion 2015-04-14 15:30 - 2015-04-14 15:30 - 00466488 _____ () C:\Windows\Minidump\041415-36629-01.dmp 2015-04-14 12:24 - 2015-04-14 12:24 - 00465824 _____ () 
C:\Windows\Minidump\041415-22432-01.dmp 2015-04-13 16:42 - 2015-04-13 16:42 - 00852616 _____ () C:\Users\Dadmar Petri\Desktop\SecurityCheck.exe 2015-04-12 19:21 - 2015-04-12 20:31 - 00032041 _____ () C:\Users\Dadmar Petri\Desktop\FRST.txt 2015-04-12 11:53 - 2015-04-12 11:53 - 00000000 ____D () C:\$WINDOWS.~LS 2015-04-12 11:51 - 2015-04-12 11:51 - 00000000 ____D () C:\$WINDOWS.~BT 2015-04-11 14:45 - 2015-04-11 14:45 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Avira 2015-04-11 14:41 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-11 14:38 - 2015-04-11 14:38 - 00001165 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-11 14:37 - 2015-04-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\Users\All Users\Package Cache 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 14:34 - 2015-04-11 14:34 - 04625104 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Dadmar Petri\Desktop\avira_de_av_5529133b5619d__wsm.exe 2015-04-11 14:24 - 2015-04-11 14:51 - 00000000 ____D () C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\Users\All Users\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:24 - 105603488 _____ () C:\Users\Dadmar Petri\Downloads\avira-antivirus.exe 2015-04-11 13:45 - 2015-04-11 13:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAGMAR-Windows-7-Home-Premium-(32-bit).dat 2015-04-11 13:45 - 2015-04-11 13:45 - 00000000 ____D () C:\RegBackup 2015-04-10 11:00 - 2015-04-10 11:00 - 00029620 _____ () C:\Users\Dadmar Petri\Downloads\Addition.txt 2015-04-10 10:59 - 2015-04-14 20:40 - 00031028 _____ () C:\Users\Dadmar Petri\Downloads\FRST.txt 2015-04-10 10:58 - 2015-04-17 09:32 - 00000000 ____D () C:\FRST 2015-04-10 10:57 - 2015-04-14 20:39 - 01135616 _____ (Farbar) C:\Users\Dadmar Petri\Downloads\FRST.exe 2015-04-09 12:05 - 2015-04-09 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(2).exe 2015-04-09 11:38 - 2015-04-09 11:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(1).exe 2015-04-09 11:19 - 2015-04-09 11:19 - 00000000 ____D () C:\Users\All Users\Malwarebytes 2015-04-09 11:19 - 2015-04-09 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 11:18 - 2015-04-09 11:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-08 09:35 - 2015-04-14 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimService 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D 
() C:\Users\All Users\SlimWare Utilities Inc 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-04-07 13:42 - 2015-04-07 17:51 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc 2015-04-01 00:59 - 2015-04-12 11:37 - 00002542 _____ () C:\Windows\diagwrn.xml 2015-04-01 00:59 - 2015-04-12 11:37 - 00001890 _____ () C:\Windows\diagerr.xml 2015-04-01 00:49 - 2015-04-01 00:49 - 00005168 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis.log 2015-04-01 00:47 - 2015-04-01 00:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dadmar Petri\Downloads\HijackThis.exe 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\OkayFreedom 2015-03-31 23:09 - 2015-04-01 01:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos VPN 2015-03-31 23:09 - 2015-03-31 23:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos 2015-03-31 23:09 - 2015-03-31 23:09 - 00000000 ____D () C:\Program Files\Common Files\Steganos 2015-03-31 21:52 - 2015-04-16 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 21:52 - 2015-04-14 21:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 21:52 - 2015-04-14 21:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 21:52 - 2015-03-31 21:52 - 01055936 _____ (Adobe) C:\Users\Dadmar Petri\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe 2015-03-31 21:08 - 2015-03-31 21:08 - 00243576 _____ () C:\Users\Dadmar Petri\Downloads\Firefox Setup Stub 37.0.exe 2015-03-30 23:41 - 2015-03-31 21:45 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2 2015-03-30 23:41 - 2015-03-30 23:41 - 02062482 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb2setup.exe 
2015-03-30 11:33 - 2015-03-31 21:45 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun506.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 01865951 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb1setup.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\UpdatusUser\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Hans Leo\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Dadmar Petri\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2015-03-30 11:24 - 2015-03-30 11:24 - 00698138 _____ () C:\Users\Dadmar Petri\Downloads\bbo_shortcut.exe 2015-03-30 00:14 - 2015-03-20 15:27 - 25808896 _____ () C:\Users\Dadmar Petri\Documents\Büro_2015_24.03.15.mdb 2015-03-26 18:08 - 2015-03-26 18:08 - 00462552 _____ () C:\Windows\Minidump\032615-20139-01.dmp 2015-03-23 16:06 - 2015-03-26 17:15 - 00000000 ____D () C:\e79d95644af82acfec248548e1a8067b 2015-03-23 16:05 - 2015-03-23 16:09 - 373578968 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\office2007sp3-kb2526086-fullfile-de-de.exe 2015-03-23 16:05 - 2015-03-23 16:07 - 08676128 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows7UpgradeAdvisorSetup.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 40888512 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows-KB890830-V5.22.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 39074536 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\FileFormatConverters(1).exe 2015-03-23 13:57 - 2015-03-23 13:57 - 00462936 _____ () C:\Windows\Minidump\032315-32775-01.dmp 2015-03-23 12:24 - 2015-03-23 12:24 - 00031282 _____ () C:\Users\Dadmar Petri\Documents\Die Uhus.dotx 2015-03-23 10:50 - 
2015-03-23 10:50 - 00463416 _____ () C:\Windows\Minidump\032315-21309-01.dmp 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\Users\All Users\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 08:58 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-17 08:58 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-17 08:54 - 2014-11-19 16:32 - 01055669 _____ () C:\Windows\WindowsUpdate.log 2015-04-17 08:51 - 2014-11-20 15:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-04-17 08:51 - 2014-11-20 01:14 - 00001368 _____ () C:\Windows\Tasks\UTLKMTU.job 2015-04-17 08:51 - 2014-11-20 01:13 - 00001366 _____ () C:\Windows\Tasks\FUPWXF.job 2015-04-17 08:51 - 2014-11-19 22:59 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-17 08:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-16 13:04 - 2014-12-30 10:50 - 00271360 _____ () C:\Users\Hans Leo\Documents\Kontakte.pst 2015-04-16 09:23 - 2014-11-19 22:12 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Microsoft Help 2015-04-16 08:30 - 2014-11-19 16:08 - 00000000 ____D () C:\Windows.old.000 2015-04-15 22:33 - 2014-11-17 11:27 - 00000000 ____D () C:\Windows.old 2015-04-15 19:11 - 2014-11-23 20:04 - 00000000 ____D () C:\Users\Dadmar Petri\Documents\DIE UHUS 2015-04-15 19:11 - 2014-11-19 16:28 - 00000000 ____D () C:\Windows\Panther 2015-04-15 19:00 - 2015-01-02 13:46 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Apple Computer 2015-04-15 19:00 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri 2015-04-14 21:37 - 
2014-11-20 01:41 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Adobe 2015-04-14 20:50 - 2014-03-03 23:41 - 00000000 ____D () C:\Medion 2015-04-14 20:12 - 2014-01-31 13:38 - 00000000 ____D () C:\temp 2015-04-14 20:12 - 2014-01-18 21:01 - 00000000 ____D () C:\Users\Dagmar\AppData\Roaming\nationzoom 2015-04-14 15:30 - 2015-01-03 16:50 - 385888152 _____ () C:\Windows\MEMORY.DMP 2015-04-14 15:30 - 2015-01-03 16:50 - 00000000 ____D () C:\Windows\Minidump 2015-04-13 11:47 - 2014-11-19 17:52 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-12 19:33 - 2012-01-31 20:40 - 00000236 _____ () C:\Users\Dadmar Petri\Desktop\Bridge Base Online.url 2015-04-12 12:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Users\All Users\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\ProgramData\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Program Files\Avira 2015-04-11 12:37 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-11 12:32 - 2015-01-03 13:51 - 00000000 ____D () C:\AdwCleaner 2015-04-10 10:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\Users\All Users\Netzmanager 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-04-08 09:59 - 2014-11-20 01:42 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-08 09:59 - 2014-11-20 00:09 - 00000000 ____D () C:\Users\Hans Leo 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-08 09:58 - 2014-11-21 11:08 - 00000000 ____D () C:\Users\Hans Leo\AppData\Local\Mozilla 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\Users\All Users\NVIDIA 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-08 09:58 - 2014-11-20 
00:52 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Mozilla 2015-04-08 09:57 - 2014-01-18 12:16 - 00000000 __RHD () C:\MSOCache 2015-04-01 19:22 - 2014-11-20 13:46 - 00065464 _____ () C:\Users\Hans Leo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-01 00:54 - 2014-11-29 14:48 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\dlg 2015-04-01 00:48 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\VirtualStore 2015-03-31 22:11 - 2009-07-14 06:33 - 00303112 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 20:37 - 2014-11-19 23:59 - 00065464 _____ () C:\Users\Dadmar Petri\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\Users\All Users\Microsoft Help 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-31 19:17 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-03-29 20:54 - 2015-01-12 20:57 - 00000000 ____D () C:\Windows\pss 2015-03-29 20:11 - 2015-01-02 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-29 09:03 - 2015-01-02 13:42 - 00000000 ____D () C:\Program Files\Bonjour 2015-03-28 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-26 17:15 - 2015-01-03 16:48 - 00000000 ____D () C:\NVIDIA 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-26 17:15 - 2014-11-28 23:40 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor ==================== Files in the root of some directories ======= 2014-12-20 10:45 - 2014-12-20 10:45 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dadmar Petri\AppData\Local\Temp\ASCSetup_3405267.exe C:\Users\Dadmar Petri\AppData\Local\Temp\avgnt.exe C:\Users\Hans Leo\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check 
================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 16:00 ==================== End Of Log ============================ |
17.04.2015, 19:46 | #28 |
/// the machine /// TB Trainer | On startup the message appears: The exception "unknown software exception" (0 Did you run the fix?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.04.2015, 10:58 | #29 |
| On startup the message appears: The exception "unknown software exception" (0 As far as I know, I had already sent that. But here it is again: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04 Ran by Dadmar Petri (administrator) on DAGMAR on 17-04-2015 23:18:42 Running from C:\Users\Dadmar Petri\Downloads\FRST-OlderVersion Loaded Profiles: Dadmar Petri & Hans Leo & UpdatusUser (Available profiles: Dadmar Petri & Hans Leo & UpdatusUser) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mbot_de_292] => [X] HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-11] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH) HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit) HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [InetStat] => C:\Users\Hans Leo\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1001\...\Run: [clicup-Agent] => C:\Users\Hans Leo\AppData\Local\clicup\chrmndr.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [InetStat] => C:\Users\UpdatusUser\AppData\Roaming\InetStat\inetstat.exe HKU\S-1-5-21-941624961-3290542821-2423505712-1004\...\Run: [clicup-Agent] => C:\Users\UpdatusUser\AppData\Local\clicup\chrmndr.exe Startup: C:\Users\Hans Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-941624961-3290542821-2423505712-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 HKU\S-1-5-21-941624961-3290542821-2423505712-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSHw,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2pe3cBiUP2kjpCxARPJjGyrOgOPN7jaCfiLR6DLYFTCl6cPZmG0a45XDbr5kt5nQ,, HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0PxPtS5_ArfOXJhUttP0_eU1N1gN8AC7dI9zamlf1WqP38ntbhRJVUTju1csgZZN2leGpPaKT2Rf8vD-AFnsEea3NRoPTOFJbgbA1SXa4UM96GrzZz33zT5KVhynzSGA,,&q={searchTerms} HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-941624961-3290542821-2423505712-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416436823&from=brd&uid=WDCXWD10EURX-73FH1Y0_WD-WCC1U498012680126 SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtD0ByE0EyE0F0FtCzy0CtN0D0Tzu0StCtCzyyCtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0EyCyD0EtByE0CtG0ByCtBzytGyCyByCzztG0CyEtB0FtGtByE0DyBtA0AyE0A0BzytAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCzyyB0D0AzzyDtG0C0CyE0FtGyEtC0F0FtG0AtC0DzytGyEyDtAzy0B0AtAyEtB0B0CtC2QtN0A0LzutB%26cr%3D1867299924%26a%3Dwny_secureddownload_15_15%26os%3DWindows 7 Home Premium&p={searchTerms} SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-941624961-3290542821-2423505712-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program 
Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer FF Homepage: spiegel-online.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qid9w6ga.Dagmar\user.js [2015-04-15] FF user.js: detected! 
=> C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer\user.js [2015-04-15] FF Extension: Adblock Plus - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\qwtqktli.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-14] FF HKU\S-1-5-21-941624961-3290542821-2423505712-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dadmar Petri\AppData\Roaming\Mozilla\Firefox\Profiles\3cdxsn3p.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Profile: C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (YouTube) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (Avira Browser Safety) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-29] CHR Extension: (Google Wallet) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR 
Extension: (Gmail) - C:\Users\Dadmar Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-11] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. 
KG) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-04-15] (REALiX(tm)) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-08-27] (NXP Semiconductors Germany GmbH) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 A2DDA; \??\C:\EEK\bin\a2ddax86.sys [X] S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-17 23:15 - 2015-04-17 23:15 - 00000000 _____ () C:\Users\Dadmar Petri\Desktop\Neues Textdokument.txt 2015-04-17 19:53 - 2015-04-17 19:53 - 2048196608 _____ () C:\Users\Dadmar Petri\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso 2015-04-17 19:40 - 2015-04-17 19:40 - 275488256 _____ () C:\Users\Dadmar Petri\Downloads\Windows_Win7SP1.7601.17514.101119-1850.AMD64CHK.Symbols.msi 2015-04-17 18:34 - 2015-04-17 18:34 - 00001291 _____ () C:\Windows\IE11_main.log 2015-04-16 12:20 - 2015-04-16 12:20 - 00000000 ____D () C:\Users\Hans Leo\AppData\Roaming\Avira 2015-04-16 12:14 - 2015-04-16 12:14 - 00000000 ____D () C:\Users\Hans Leo\AppData\Roaming\IObit 2015-04-15 19:55 - 2015-04-17 19:59 - 00001456 _____ () C:\Windows\setupact.log 2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-15 19:54 - 2015-04-17 19:28 - 00002378 _____ () C:\Windows\PFRO.log 2015-04-15 19:19 - 2014-06-04 15:17 - 00031008 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2015-04-15 19:12 - 2015-04-15 19:12 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS 2015-04-15 19:02 - 2015-04-17 19:59 - 00000294 _____ () C:\Windows\Tasks\ASC8_PerformanceMonitor.job 2015-04-15 19:01 - 2015-04-15 19:01 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\ProductData 2015-04-15 19:00 - 2015-04-17 19:28 - 00002127 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk 2015-04-15 19:00 - 2015-04-17 19:26 - 00000000 ____D () C:\Program Files\IObit 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 ____D () C:\ProgramData\ProductData 2015-04-15 19:00 - 2015-04-16 07:45 - 00000000 ____D () C:\ProgramData\IObit 2015-04-15 19:00 - 2015-04-15 19:38 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-04-15 19:00 - 2015-04-15 19:18 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\IObit 2015-04-15 19:00 - 2015-04-15 19:00 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2015-04-15 19:00 - 
2015-04-15 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-04-15 19:00 - 2015-04-15 19:00 - 00000000 ____D () C:\Program Files\Common Files\IObit 2015-04-14 20:52 - 2015-04-14 20:52 - 00008242 _____ () C:\EamClean.log 2015-04-14 20:49 - 2015-04-14 20:50 - 01795729 _____ (Medion) C:\Users\Dadmar Petri\Downloads\fwupt50n.exe 2015-04-14 20:39 - 2015-04-17 23:18 - 00000000 ____D () C:\Users\Dadmar Petri\Downloads\FRST-OlderVersion 2015-04-14 15:30 - 2015-04-14 15:30 - 00466488 _____ () C:\Windows\Minidump\041415-36629-01.dmp 2015-04-14 12:24 - 2015-04-14 12:24 - 00465824 _____ () C:\Windows\Minidump\041415-22432-01.dmp 2015-04-13 16:42 - 2015-04-13 16:42 - 00852616 _____ () C:\Users\Dadmar Petri\Desktop\SecurityCheck.exe 2015-04-12 19:21 - 2015-04-12 20:31 - 00032041 _____ () C:\Users\Dadmar Petri\Desktop\FRST.txt 2015-04-12 11:53 - 2015-04-12 11:53 - 00000000 ____D () C:\$WINDOWS.~LS 2015-04-12 11:51 - 2015-04-12 11:51 - 00000000 ____D () C:\$WINDOWS.~BT 2015-04-11 14:45 - 2015-04-11 14:45 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Avira 2015-04-11 14:41 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-11 14:41 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-11 14:38 - 2015-04-11 14:38 - 00001165 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-11 14:37 - 2015-04-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-11 14:37 - 2015-04-11 14:37 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-11 14:34 - 2015-04-11 14:34 - 04625104 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dadmar Petri\Desktop\avira_de_av_5529133b5619d__wsm.exe 2015-04-11 14:24 - 2015-04-11 14:51 - 00000000 ____D () C:\Program Files\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:38 - 00000000 ____D () C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56 2015-04-11 14:24 - 2015-04-11 14:24 - 105603488 _____ () C:\Users\Dadmar Petri\Downloads\avira-antivirus.exe 2015-04-11 13:45 - 2015-04-11 13:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAGMAR-Windows-7-Home-Premium-(32-bit).dat 2015-04-11 13:45 - 2015-04-11 13:45 - 00000000 ____D () C:\RegBackup 2015-04-10 11:00 - 2015-04-10 11:00 - 00029620 _____ () C:\Users\Dadmar Petri\Downloads\Addition.txt 2015-04-10 10:59 - 2015-04-14 20:40 - 00031028 _____ () C:\Users\Dadmar Petri\Downloads\FRST.txt 2015-04-10 10:58 - 2015-04-17 23:18 - 00000000 ____D () C:\FRST 2015-04-10 10:57 - 2015-04-14 20:39 - 01135616 _____ (Farbar) C:\Users\Dadmar Petri\Downloads\FRST.exe 2015-04-09 12:05 - 2015-04-09 12:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(2).exe 2015-04-09 11:38 - 2015-04-09 11:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018(1).exe 2015-04-09 11:19 - 2015-04-09 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-09 11:18 - 2015-04-09 11:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dadmar Petri\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-08 09:35 - 2015-04-17 19:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 
13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimService 2015-04-07 13:43 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-04-07 13:43 - 2015-04-07 13:43 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-04-07 13:42 - 2015-04-07 17:51 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\SlimWare Utilities Inc 2015-04-01 00:59 - 2015-04-12 11:37 - 00002542 _____ () C:\Windows\diagwrn.xml 2015-04-01 00:59 - 2015-04-12 11:37 - 00001890 _____ () C:\Windows\diagerr.xml 2015-04-01 00:49 - 2015-04-01 00:49 - 00005168 _____ () C:\Users\Dadmar Petri\Downloads\hijackthis.log 2015-04-01 00:47 - 2015-04-01 00:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dadmar Petri\Downloads\HijackThis.exe 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom 2015-03-31 23:09 - 2015-04-08 09:59 - 00000000 ____D () C:\Program Files\OkayFreedom 2015-03-31 23:09 - 2015-04-01 01:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos VPN 2015-03-31 23:09 - 2015-03-31 23:15 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Steganos 2015-03-31 23:09 - 2015-03-31 23:09 - 00000000 ____D () C:\Program Files\Common Files\Steganos 2015-03-31 21:52 - 2015-04-17 22:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-31 21:52 - 2015-04-17 19:09 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-31 21:52 - 2015-04-17 19:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-31 21:52 - 2015-03-31 21:52 - 01055936 _____ (Adobe) C:\Users\Dadmar Petri\Downloads\install_flashplayer17x32_mssd_aaa_aih.exe 2015-03-31 21:08 - 2015-03-31 21:08 - 00243576 _____ () C:\Users\Dadmar Petri\Downloads\Firefox Setup Stub 37.0.exe 2015-03-30 23:41 - 2015-03-31 21:45 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2 2015-03-30 23:41 - 2015-03-30 23:41 - 
02062482 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb2setup.exe 2015-03-30 11:33 - 2015-03-31 21:45 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun506.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 01865951 _____ (Indigo Rose Corporation hxxp://www.indigorose.com) C:\Users\Dadmar Petri\Downloads\ltpb1setup.exe 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\UpdatusUser\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Hans Leo\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00001907 _____ () C:\Users\Dadmar Petri\Desktop\Learn to Play Bridge.lnk 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge 2015-03-30 11:33 - 2015-03-30 11:33 - 00000000 ____D () C:\Program Files\Learn to Play Bridge 2015-03-30 11:24 - 2015-03-30 11:24 - 00698138 _____ () C:\Users\Dadmar Petri\Downloads\bbo_shortcut.exe 2015-03-30 00:14 - 2015-03-20 15:27 - 25808896 _____ () C:\Users\Dadmar Petri\Documents\Büro_2015_24.03.15.mdb 2015-03-26 18:08 - 2015-03-26 18:08 - 00462552 _____ () C:\Windows\Minidump\032615-20139-01.dmp 2015-03-23 16:06 - 2015-03-26 17:15 - 00000000 ____D () C:\e79d95644af82acfec248548e1a8067b 2015-03-23 16:05 - 2015-03-23 16:09 - 373578968 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\office2007sp3-kb2526086-fullfile-de-de.exe 2015-03-23 16:05 - 2015-03-23 16:07 - 08676128 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows7UpgradeAdvisorSetup.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 40888512 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\Windows-KB890830-V5.22.exe 2015-03-23 16:05 - 2015-03-23 16:06 - 39074536 _____ (Microsoft Corporation) C:\Users\Dadmar Petri\Downloads\FileFormatConverters(1).exe 2015-03-23 13:57 - 2015-03-23 13:57 - 00462936 _____ () C:\Windows\Minidump\032315-32775-01.dmp 2015-03-23 
12:24 - 2015-03-23 12:24 - 00031282 _____ () C:\Users\Dadmar Petri\Documents\Die Uhus.dotx 2015-03-23 10:50 - 2015-03-23 10:50 - 00463416 _____ () C:\Windows\Minidump\032315-21309-01.dmp 2015-03-18 13:11 - 2015-03-29 20:11 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 23:10 - 2014-11-20 01:14 - 00001368 _____ () C:\Windows\Tasks\UTLKMTU.job 2015-04-17 21:10 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-17 21:10 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-17 21:08 - 2014-11-19 16:32 - 01281128 _____ () C:\Windows\WindowsUpdate.log 2015-04-17 20:00 - 2014-11-19 22:59 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-17 19:59 - 2014-11-20 15:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-04-17 19:59 - 2014-11-20 01:13 - 00001366 _____ () C:\Windows\Tasks\FUPWXF.job 2015-04-17 19:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-17 19:33 - 2014-11-19 17:52 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-17 19:19 - 2014-11-20 01:41 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Adobe 2015-04-17 10:25 - 2014-11-23 20:04 - 00000000 ____D () C:\Users\Dadmar Petri\Documents\DIE UHUS 2015-04-16 13:04 - 2014-12-30 10:50 - 00271360 _____ () C:\Users\Hans Leo\Documents\Kontakte.pst 2015-04-16 09:23 - 2014-11-19 22:12 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Microsoft Help 2015-04-16 08:30 - 2014-11-19 16:08 - 00000000 ____D () C:\Windows.old.000 2015-04-15 22:33 - 2014-11-17 11:27 - 00000000 ____D () C:\Windows.old 2015-04-15 19:11 - 2014-11-19 16:28 - 00000000 ____D () C:\Windows\Panther 2015-04-15 19:00 - 
2015-01-02 13:46 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\Apple Computer 2015-04-15 19:00 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri 2015-04-14 20:50 - 2014-03-03 23:41 - 00000000 ____D () C:\Medion 2015-04-14 20:12 - 2014-01-31 13:38 - 00000000 ____D () C:\temp 2015-04-14 20:12 - 2014-01-18 21:01 - 00000000 ____D () C:\Users\Dagmar\AppData\Roaming\nationzoom 2015-04-14 15:30 - 2015-01-03 16:50 - 385888152 _____ () C:\Windows\MEMORY.DMP 2015-04-14 15:30 - 2015-01-03 16:50 - 00000000 ____D () C:\Windows\Minidump 2015-04-12 19:33 - 2012-01-31 20:40 - 00000236 _____ () C:\Users\Dadmar Petri\Desktop\Bridge Base Online.url 2015-04-12 12:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\ProgramData\Avira 2015-04-11 14:41 - 2014-11-20 01:18 - 00000000 ____D () C:\Program Files\Avira 2015-04-11 12:37 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-11 12:32 - 2015-01-03 13:51 - 00000000 ____D () C:\AdwCleaner 2015-04-10 10:42 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-04-08 09:59 - 2015-01-04 23:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-04-08 09:59 - 2014-11-20 01:42 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-08 09:59 - 2014-11-20 00:09 - 00000000 ____D () C:\Users\Hans Leo 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-08 09:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-08 09:58 - 2014-11-21 11:08 - 00000000 ____D () C:\Users\Hans Leo\AppData\Local\Mozilla 2015-04-08 09:58 - 2014-11-20 01:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-08 09:58 - 2014-11-20 00:52 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\Mozilla 2015-04-08 09:57 - 2014-01-18 12:16 - 00000000 __RHD () C:\MSOCache 2015-04-01 19:22 - 2014-11-20 13:46 - 00065464 _____ () C:\Users\Hans Leo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-01 
11:22 - 2014-11-20 00:53 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-01 00:54 - 2014-11-29 14:48 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Roaming\dlg 2015-04-01 00:48 - 2014-11-19 18:30 - 00000000 ____D () C:\Users\Dadmar Petri\AppData\Local\VirtualStore 2015-03-31 22:11 - 2009-07-14 06:33 - 00303112 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-31 20:37 - 2014-11-19 23:59 - 00065464 _____ () C:\Users\Dadmar Petri\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-31 19:18 - 2014-11-19 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-31 19:17 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-03-29 20:54 - 2015-01-12 20:57 - 00000000 ____D () C:\Windows\pss 2015-03-29 20:11 - 2015-01-02 13:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-29 09:03 - 2015-01-02 13:42 - 00000000 ____D () C:\Program Files\Bonjour 2015-03-28 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-03-26 17:15 - 2015-01-03 16:48 - 00000000 ____D () C:\NVIDIA 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-03-26 17:15 - 2014-11-30 21:07 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-26 17:15 - 2014-11-28 23:40 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor ==================== Files in the root of some directories ======= 2014-12-20 10:45 - 2014-12-20 10:45 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dadmar Petri\AppData\Local\Temp\ASCSetup_3405267.exe C:\Users\Dadmar Petri\AppData\Local\Temp\avgnt.exe C:\Users\Hans Leo\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
I am still trying to delete the Windows old folder. The message always appears: "You need administrator rights, repeat the operation." But nothing gets deleted. There is a security padlock in front of the folder. I tried to change the permission via the access rights, but that does not work. Doesn't the Windows old000 folder also have to be deleted? The security padlock in front of that folder is missing. So far, however, I have not dared to delete this folder. Windows Update does not work either. I tried to download the Service Pack manually. That works. However, it cannot be installed. Regards, daggimaus |
18.04.2015, 22:53 | #30 |
/// the machine /// TB Trainer | On startup the message appears: The exception "unknown software exception" (0 Windows Disk Cleanup should be able to delete it. After the fix, a Fixlog opens automatically; I need that, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |