| |
| |||||||
Log-Analyse und Auswertung: Windows Vista 32 Bit: Browserseiten/fenster werden selbständig aufgerufenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.05.2015, 13:17
| #1 |
| |  Windows Vista 32 Bit: Browserseiten/fenster werden selbständig aufgerufen Hallo liebe Menschen von Trojanerboard, ich habe folgendes Problem. Der Rechner der hier bei mir steht hatte Maleware installiert (SweetIm) welches ich mithilfe diverser Anleitungen und Tools zu entfernen versucht habe, was soweit auch ganz gut geklappt hat. (Immerhin wir jetzt wenn der Browser aufgerufen wird die normale Startseite angezeigt). Das Problem das jetzt besteht ist das Irgendwas versucht den Browser zu öffnen. Wenn ich mich aktiv im einem Browser (Firefox, IE) befinde wird die Startseite einfach neu geladen. Befinde ich mich aber nicht aktiv in einem Browser wird ein neues Internet Explorer Fenster geöffnet. (Dies kann ganz schnell passieren, sodass sich der Rechner manchmal aufhängt)  Folgende Logfiles gibt es bisher: LogFile von MalewareBytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.05.2015 Suchlauf-Zeit: 13:50:15 Logdatei: Malewarebytes.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.03.09.05 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: user Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 307161 Verstrichene Zeit: 24 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 1 PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3645637860-4088369842-987407559-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [7bfebb88a4e6a393b9262632887b4bb5], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 5 PUP.Optional.SweetIM, C:\Users\user\AppData\Local\Temp\mgsqlite3.dll, In Quarantäne, [7cfd92b1e7a35cda5e5c7b8cd234dd23], PUP.Optional.SweetIM, C:\Users\user\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe, In Quarantäne, [b4c58eb5206a7cbafdbd6a9d66a0b14f], PUP.Optional.SweetIM, C:\Users\user\AppData\Local\Temp\2827278562\chromeupdaterfull.exe, In Quarantäne, [14651033375375c1b5053ccbf70f25db], PUP.Optional.SweetIM, C:\Users\user\AppData\Local\Temp\is2085557369\bundlesweetimsetup.exe, In Quarantäne, [2752c083dcaef541516925e2b3531de3], PUP.Optional.SweetIM, C:\Users\user\AppData\Local\Temp\scoped_dir_1584_30579\CRX_INSTALL\mgHelperGC.dll, In Quarantäne, [60199ba893f740f669518a7d040238c8], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Logfile Avira Antivir: Code:
ATTFilter Exportierte Ereignisse:
13.05.2015 22:43 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
13.05.2015 22:43 [System-Scanner] Malware gefunden
Die Datei
'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Tempor
ary Internet Files\Content.IE5\A8NRX3Z8\WSSetup[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Perinet.d.1' [adware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
13.05.2015 22:43 [System-Scanner] Malware gefunden
Die Datei
'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Tempor
ary Internet Files\Content.IE5\GUTXPDAQ\SkywalkerSetup[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Perinet.d.2' [adware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
13.05.2015 22:42 [System-Scanner] Malware gefunden
Die Datei
'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Tempor
ary Internet Files\Content.IE5\Z8ZWZ4TB\SkywalkerSetup[2].exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Perinet.lasc.1'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
13.05.2015 22:42 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50eb25a8.qua'
verschoben!
13.05.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.05.2015 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\user\AppData\Local\Temp\is2085557369\yontoo-c3.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-14 14:03:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 WDC_WD2500BEVS-22UST0 rev.01.01A01 232,89GB
Running: rhuxjylw.exe; Driver: C:\Users\user\AppData\Local\Temp\kwtdapob.sys
---- System - GMER 2.1 ----
SSDT 8A514D6E ZwCreateSection
SSDT 8A514D46 ZwCreateSymbolicLinkObject
SSDT 8A514D4B ZwLoadDriver
SSDT 8A514D41 ZwOpenSection
SSDT 8A514D78 ZwRequestWaitReplyPort
SSDT 8A514D73 ZwSetContextThread
SSDT 8A514D7D ZwSetSecurityObject
SSDT 8A514D50 ZwSetSystemInformation
SSDT 8A514D82 ZwSystemDebugControl
SSDT 8A514D0F ZwTerminateProcess
SSDT 8A514D0A ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 405 8207590C 4 Bytes [6E, 4D, 51, 8A]
.text ntoskrnl.exe!KeInsertQueue + 40D 82075914 4 Bytes [46, 4D, 51, 8A]
.text ntoskrnl.exe!KeInsertQueue + 56D 82075A74 4 Bytes [4B, 4D, 51, 8A]
.text ntoskrnl.exe!KeInsertQueue + 5ED 82075AF4 4 Bytes [41, 4D, 51, 8A]
.text ntoskrnl.exe!KeInsertQueue + 729 82075C30 4 Bytes [78, 4D, 51, 8A]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 01
Ran by user (administrator) on USER-PC on 14-05-2015 13:32:23
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe
() C:\Program Files\Power Manager\PM.exe
(FIC) C:\Program Files\Launch Pad\LaunchPad.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
( ) C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
() C:\Program Files\Hotkey Utility\tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jaureg.exe [232368 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2008-03-27] (Lexmark International Inc.)
HKLM\...\Run: [FSCRecovery] => c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [268096 2008-06-18] (Fujitsu Siemens Computers GmbH)
HKLM\...\Run: [PowerManager] => C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [LaunchPad] => C:\Program Files\Launch Pad\LaunchPad.exe [2260992 2008-07-12] (FIC)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2008-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-08] (Realtek Semiconductor)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NPCTray] => C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2008-03-27] ()
HKLM\...\Run: [Google EULA Launcher] => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-05-28] ( )
HKLM\...\Run: [FIC HotKey] => C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\...\Run: [fsc-reg] => C:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe [380688 2008-08-01] (Fujitsu Siemens)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3645637860-4088369842-987407559-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3645637860-4088369842-987407559-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-11] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3645637860-4088369842-987407559-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 33 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-05-13] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Bing (Microsoft)
FF SelectedSearchEngine: SweetIM Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-03-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\searchplugins\bing-avast.xml [2015-05-13]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\searchplugins\google-images.xml [2014-11-21]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\searchplugins\google-maps.xml [2014-11-21]
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\Extensions\abs@avira.com [2015-05-13]
FF Extension: WEB.DE MailCheck - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\Extensions\toolbar@web.de [2015-04-17]
FF Extension: Speed Dial - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hro1k7bb.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012-10-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-07]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-04-23] <==== ATTENTION
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [825856 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1186040 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] () [File not signed]
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [594600 2008-02-28] ( )
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-05-10] ()
R1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 13:30 - 2015-05-14 13:32 - 00027012 _____ () C:\Users\user\Desktop\Addition.txt
2015-05-14 13:27 - 2015-05-14 13:32 - 00016078 _____ () C:\Users\user\Desktop\FRST.txt.txt
2015-05-14 13:27 - 2015-05-14 13:32 - 00000000 ____D () C:\FRST
2015-05-14 13:26 - 2015-05-14 13:26 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2015-05-14 13:26 - 2015-05-14 13:26 - 00000000 _____ () C:\Users\user\defogger_reenable
2015-05-14 13:21 - 2015-05-14 13:21 - 01144832 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-05-14 13:21 - 2015-05-14 13:21 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe
2015-05-14 12:44 - 2015-05-14 12:36 - 00380416 _____ () C:\Users\user\Desktop\rhuxjylw.exe
2015-05-13 17:16 - 2015-05-13 17:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2015-05-13 17:11 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-13 17:11 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-13 17:11 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-13 17:11 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-05-13 16:28 - 2015-05-13 16:28 - 00001006 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-13 16:27 - 2015-05-13 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-13 16:26 - 2015-05-13 17:14 - 00000000 ____D () C:\ProgramData\Avira
2015-05-13 16:26 - 2015-05-13 17:11 - 00000000 ____D () C:\Program Files\Avira
2015-05-13 15:12 - 2015-05-13 16:22 - 00006877 _____ () C:\Users\user\Desktop\hijackthis.log
2015-05-13 14:34 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 14:34 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 14:34 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 14:34 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 14:34 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 14:34 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 14:34 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 14:34 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 14:34 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 14:34 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 14:34 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 14:34 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 14:34 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 14:34 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 14:34 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 14:34 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 14:06 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:57 - 2015-05-13 13:58 - 00000000 ____D () C:\Windows\Temp4FD5DB48-835C-1300-F19C-D227D2B8B20C-Signatures
2015-05-13 13:49 - 2015-05-14 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 13:48 - 2015-05-13 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-13 13:47 - 2015-05-13 13:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-13 13:47 - 2015-05-13 13:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-13 13:47 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 13:47 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 13:47 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 13:47 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 13:47 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 13:47 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 13:47 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 13:47 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:47 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:47 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 13:47 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 13:47 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 13:46 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:45 - 2015-05-13 15:20 - 00000000 ____D () C:\Windows\pss
2015-05-13 13:39 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:53 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-10 23:45 - 2015-05-10 23:45 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0
2015-05-10 17:39 - 2008-03-17 15:45 - 01414440 _____ (Nero AG) C:\Windows\system32\ShellManager310E2D762.dll
2015-05-10 17:39 - 2008-03-11 20:30 - 00774144 _____ () C:\Windows\system32\NEROINSTAEC43759.DB
2015-05-10 13:55 - 2015-05-10 13:55 - 00001024 _____ () C:\Users\user\.rnd
2015-05-10 13:55 - 2015-05-10 13:55 - 00000000 _____ () C:\Windows\Irremote.ini
2015-04-23 19:09 - 2015-05-09 17:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-16 23:13 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 22:50 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 22:47 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 22:47 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 22:45 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 22:45 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 22:45 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 13:27 - 2012-06-05 12:25 - 01370605 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 13:22 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 13:22 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 13:22 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 13:20 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 12:45 - 2012-06-13 18:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 12:38 - 2008-01-21 04:47 - 00584444 _____ () C:\Windows\PFRO.log
2015-05-14 11:59 - 2012-06-05 18:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-05-13 22:31 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 __RSD () C:\Windows\Media
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-13 21:38 - 2006-11-02 12:22 - 40894464 _____ () C:\Windows\system32\config\software_previous
2015-05-13 21:38 - 2006-11-02 12:22 - 17301504 _____ () C:\Windows\system32\config\system_previous
2015-05-13 21:35 - 2006-11-02 12:22 - 38273024 _____ () C:\Windows\system32\config\components_previous
2015-05-13 21:35 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-05-13 16:26 - 2015-02-03 12:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-13 15:54 - 2008-01-21 09:16 - 00976356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 15:26 - 2014-11-25 11:12 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 15:25 - 2014-11-25 11:12 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 15:25 - 2014-11-25 11:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 14:38 - 2006-11-02 14:47 - 00303800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 14:36 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Branding
2015-05-13 13:54 - 2008-08-14 04:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 13:41 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 13:39 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 11:56 - 2013-09-15 10:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 11:56 - 2012-06-05 18:42 - 00000840 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-13 11:56 - 2012-06-05 18:42 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-13 11:56 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 11:50 - 2006-11-02 14:52 - 00103582 _____ () C:\Windows\setupact.log
2015-05-13 11:14 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-05-13 11:14 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-05-10 23:45 - 2012-06-05 12:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fujitsu Siemens Computers
2015-05-10 20:05 - 2012-10-05 18:41 - 00000000 ____D () C:\temp
2015-05-10 17:38 - 2013-01-31 11:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\elsterformular
2015-05-10 17:38 - 2013-01-31 11:16 - 00000000 ____D () C:\ProgramData\elsterformular
2015-05-10 17:33 - 2014-09-09 20:02 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-05-10 15:19 - 2014-09-09 20:02 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-05-10 13:56 - 2008-08-14 03:59 - 00000722 _____ () C:\Windows\system32\MsiExec.exe.log
2015-05-10 13:47 - 2012-06-05 12:30 - 00000000 ____D () C:\Program Files\Google
2015-05-09 17:25 - 2012-06-05 12:34 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-05-05 14:28 - 2012-06-05 18:53 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 08:24 - 2014-09-23 18:30 - 00028672 _____ () C:\Users\user\Documents\lisste.wps
2015-05-01 08:24 - 2012-07-01 19:01 - 00000462 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2015-04-27 08:13 - 2012-06-05 18:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-26 10:29 - 2014-10-10 09:18 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 10:46 - 2012-06-13 18:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:46 - 2012-06-13 18:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2012-07-01 19:01 - 2015-05-01 08:24 - 0000462 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2014-10-19 10:13 - 2015-02-13 21:49 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2012-06-13 18:16 - 2014-05-10 22:07 - 0007168 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-05 19:50 - 2012-06-05 19:50 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-23 18:32 - 2014-09-23 18:32 - 0331354 _____ () C:\ProgramData\SPL410A.tmp
2014-09-23 18:29 - 2014-09-23 18:29 - 0332886 _____ () C:\ProgramData\SPL7BC2.tmp
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\AskSLib.dll
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\user\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\user\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 13:30
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 01
Ran by user at 2015-05-14 13:33:33
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3645637860-4088369842-987407559-500 - Administrator - Disabled)
Gast (S-1-5-21-3645637860-4088369842-987407559-501 - Limited - Disabled)
user (S-1-5-21-3645637860-4088369842-987407559-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Fujitsu Siemens Computers Recovery (HKLM\...\{AFC454ED-A26F-4816-826B-C35129D82E1F}) (Version: 1.3.9 - Fujitsu Siemens Computers)
Hotkey Utility (HKLM\...\Hotkey Utility_is1) (Version: 1.5.5 - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Launch Pad 1.0.3 (HKLM\...\Launch Pad_is1) (Version: 1.0.3 - FIC, Inc.)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{854C47D1-C2A0-4492-8655-C3F8D49C1031}) (Version: 8.3.161 - Nero AG)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Power Manager 2.8.3 (HKLM\...\Power Manager_is1) (Version: 2.8.3 - FIC, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
System Checkup 3.4 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.2.29 - iolo technologies, LLC)
SystemDiagnostics (HKLM\...\{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}) (Version: 2.01.0004 - Fujitsu Siemens Computers )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
10-05-2015 13:50:56 Removed Nero 8 Essentials. Available with Windows Installer version 1.2 and later.
10-05-2015 17:32:18 Removed DriverUpdate
10-05-2015 17:33:53 Removed Internet Explorer Toolbar 4.6 by SweetPacks
10-05-2015 17:38:37 Removed Nero 8 Essentials. Available with Windows Installer version 1.2 and later.
10-05-2015 19:54:34 Removed MSXML 4.0 SP2 (KB973688)
11-05-2015 12:24:29 Removed Update Manager for SweetPacks 1.1
11-05-2015 12:25:47 Removed SweetIM for Messenger 3.7
11-05-2015 12:26:22 Removed SweetIM for Messenger 3.7
12-05-2015 10:13:38 Windows Update
13-05-2015 11:44:33 Windows Update
13-05-2015 13:34:03 Windows Update
13-05-2015 15:22:28 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9EDB8E42-4974-4F46-AB83-3B5F8EF5F166} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {EC5A3411-8C0C-4A3A-9EB2-97752241BDC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2012-06-05 19:54 - 2008-02-27 13:05 - 00115200 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdndrpp.dll
2012-06-05 19:50 - 2007-10-13 04:24 - 00364544 _____ () C:\Program Files\Lexmark 2600 Series\iptk.dll
2008-08-14 03:53 - 2008-05-22 10:10 - 01675264 _____ () C:\Program Files\Power Manager\PM.exe
2012-06-05 19:50 - 2008-03-27 17:13 - 00660136 _____ () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
2012-06-05 19:50 - 2008-03-15 07:33 - 00380928 _____ () C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
2012-06-05 19:50 - 2007-05-29 17:39 - 00589824 _____ () C:\Program Files\Lexmark 2600 Series\lxdndatr.dll
2012-06-05 19:50 - 2008-03-15 07:34 - 00782336 _____ () C:\Program Files\Lexmark 2600 Series\lxdnDRS.dll
2012-06-05 19:50 - 2007-11-21 01:44 - 00081920 _____ () C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
2012-06-05 19:50 - 2007-10-03 00:51 - 00069632 _____ () C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
2008-08-14 03:53 - 2008-06-05 15:42 - 00520192 _____ () C:\Program Files\Hotkey Utility\tray.exe
2007-06-04 15:20 - 2007-06-04 15:20 - 00065536 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2007-08-27 10:54 - 2007-08-27 10:54 - 00155648 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWUpdater\0.18\FSCWUpdater.dll
2014-05-19 14:30 - 2015-05-14 13:24 - 00176128 _____ () C:\Windows\assembly\GAC_MSIL\FSCWCOM\1.0.0.0__8a33c55e43c2707f\FSCWCOM.dll
2014-05-19 14:30 - 2015-05-14 13:24 - 05881856 _____ () C:\Windows\assembly\GAC_MSIL\FSCWorld\6.0.6000.0__8a33c55e43c2707f\FSCWorld.dll
2014-05-19 14:30 - 2015-05-14 13:25 - 00040960 _____ () C:\Windows\assembly\GAC_MSIL\iFSCWTransfer\1.0.0.0__8a33c55e43c2707f\iFSCWTransfer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3645637860-4088369842-987407559-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{59FEA07F-9D66-48DE-B647-77D5A3B3ED24}] => (Allow) C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
FirewallRules: [{A85D6F64-BF32-4ABE-A5AB-F3620322C4BD}] => (Allow) C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
FirewallRules: [{1BD03ACF-39F9-4CE7-A0CA-8F9A674639F2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A803E4B2-042B-4E11-8FE9-AB85B240B628}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{9AAB19CB-2AF5-4F9F-82C5-DD05F817BAEB}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [TCP Query User{0E7BA879-F112-4E38-B1C4-21FC0B0332DD}C:\program files\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files\lexmark 2600 series\lxdnmon.exe
FirewallRules: [UDP Query User{522E79D1-10DA-41FC-ACC3-A3C260CD7EF4}C:\program files\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files\lexmark 2600 series\lxdnmon.exe
FirewallRules: [TCP Query User{9211D5FC-CCA0-4967-8201-5E638FD3342B}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [UDP Query User{FD53FF4D-5C40-4066-B30A-E7C0278E6E06}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{A3843E23-8966-472D-B9A6-8959C1A720F9}] => (Allow) LPort=80
FirewallRules: [{D4917D1B-C290-446B-8A46-495698BB12D4}] => (Allow) LPort=80
FirewallRules: [{C7D0718C-3852-4BDD-A249-D0A376257421}] => (Allow) LPort=80
FirewallRules: [TCP Query User{3B3E148F-BEAA-4936-B25B-3823D20EE6A4}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Block) C:\program files\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [UDP Query User{FBF22A7C-4579-45BE-944F-B505392B0902}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Block) C:\program files\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [{B5026DFD-228D-4378-A39F-9340D781F9B6}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{2BC4FAF0-7636-49CB-A9DB-488BC0995A31}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{15E6AFDE-298E-469F-A3FA-F6EFDF573324}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{5E7C4CFC-68D1-4826-B30C-E36F8F6A0A13}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{E343569E-504F-4AD2-8AD7-EC0ECF174333}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{893737F0-2F57-4775-8E84-011CE9AF6758}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{06E3F4C0-40D8-44F4-92DD-17BFE8158226}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{4128CE8A-BEEA-4C9F-832E-7435FE28F9A5}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{CDBE4533-3201-4302-BA8B-96912FF4A7CB}] => (Allow) %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [TCP Query User{3E1E1DB2-8359-44F0-B88F-2E3490F5416F}C:\program files\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files\lexmark 2600 series\lxdnmon.exe
FirewallRules: [UDP Query User{F239AF1A-8725-47C6-97BC-E50B0DD35B9D}C:\program files\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files\lexmark 2600 series\lxdnmon.exe
FirewallRules: [TCP Query User{0E98F6F7-646E-4E12-8B57-B1AB2C168A7C}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [UDP Query User{37A3E145-BCD9-4EF5-BB5F-BE41B70129BE}C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{3289E00E-73F9-4EEB-8A4C-A38B28FA627C}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{9DBF4A2F-E86B-4FD7-BB9D-2F5719711690}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{3BFDA529-4BCD-47D3-A222-EA35C8299CE1}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{1562587F-AFA5-46CC-993C-65BBCC8A76D8}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{EAAC344C-A7F1-48E4-A74E-7BED8978F3B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{21F1B04D-CD00-4E54-8B78-F678598F9B19}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E3E2AA12-D157-4D7A-BE05-E4FB0FC5D522}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B9C43742-2864-4033-BBC6-A4EDEB61F905}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/14/2015 01:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung fscreg.exe, Version 2.0.1.0, Zeitstempel 0x486cbaaa, fehlerhaftes Modul MSHTML.dll, Version 9.0.8112.16644, Zeitstempel 0x5527ec3d, Ausnahmecode 0xc0000005, Fehleroffset 0x004479c1,
Prozess-ID 0x324, Anwendungsstartzeit fscreg.exe0.
Error: (05/14/2015 01:23:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/14/2015 01:07:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (05/14/2015 00:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rhuxjylw.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul rhuxjylw.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x00012298,
Prozess-ID 0x1670, Anwendungsstartzeit rhuxjylw.exe0.
Error: (05/14/2015 00:44:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung fscreg.exe, Version 2.0.1.0, Zeitstempel 0x486cbaaa, fehlerhaftes Modul MSHTML.dll, Version 9.0.8112.16644, Zeitstempel 0x5527ec3d, Ausnahmecode 0xc0000005, Fehleroffset 0x004479c1,
Prozess-ID 0x7b4, Anwendungsstartzeit fscreg.exe0.
Error: (05/14/2015 00:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 05:07:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16644 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: e20
Anfangszeit: 01d08d8e7da53c49
Zeitpunkt der Beendigung: 0
Error: (05/13/2015 05:01:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung fscreg.exe, Version 2.0.1.0, Zeitstempel 0x486cbaaa, fehlerhaftes Modul MSHTML.dll, Version 9.0.8112.16644, Zeitstempel 0x5527ec3d, Ausnahmecode 0xc0000005, Fehleroffset 0x004479c1,
Prozess-ID 0x288, Anwendungsstartzeit fscreg.exe0.
Error: (05/13/2015 04:59:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 04:55:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/14/2015 00:13:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (05/13/2015 05:11:58 PM) (Source: DCOM) (EventID: 10016) (User: user-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}user-PCuserS-1-5-21-3645637860-4088369842-987407559-1000LocalHost (unter Verwendung von LRPC)
Error: (05/13/2015 04:55:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
Error: (05/13/2015 04:55:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
Error: (05/13/2015 04:55:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: MpFilter
spldr
Wanarpv6
WINIO
Error: (05/13/2015 04:55:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31
Error: (05/13/2015 04:55:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ComputerbrowserServer%%1068
Error: (05/13/2015 04:54:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (05/13/2015 04:54:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (05/13/2015 04:53:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-05-14 13:33:24.441
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:23.844
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:23.189
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:22.592
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:21.688
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:21.088
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:20.469
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:33:19.789
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:32:43.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-14 13:32:43.270
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 2008.18 MB
Available physical RAM: 968.64 MB
Total Pagefile: 4261.65 MB
Available Pagefile: 2591.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.9 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:67.37 GB) (Free:19.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:156.73 GB) (Free:156.22 GB) NTFS
Drive f: () (Removable) (Total:14.95 GB) (Free:14.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: D56DB547)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=67.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 0007CAC0)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================
Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:26 on 14/05/2015 (user)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Vielen Dank für eure Hilfe. Grüße Swissi |
| Themen zu Windows Vista 32 Bit: Browserseiten/fenster werden selbständig aufgerufen |
| adware/perinet.d.1, adware/perinet.d.2, adware/perinet.lasc.1, adware/yontoo.gen2, antivirus, entfernen, fehlercode %nt-autorität607, fehlercode 0x0, fehlercode 0x8007006d, fehlercode windows, flash player, iexplore.exe, internet, internet explorer, launch, maleware, programm, pup.optional.sweetim, pup.optional.sweetpacks.a, registry, software, svchost.exe, win32/reimagerepair.b, win32/sweetim.j |
Baum-Darstellung