| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.09.2013, 03:20
| #1 |
| |  Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Liebe Trojaner-Board-User, seit einiger Zeit bemerke ich immer wieder wenn ich eine Email schreibe und ich mit STRG + C in dem Text arbeite, dass es plötzlich vorkommt, dass nicht mehr ein Satz mit STRG + V eingefügt wird, sondern ein komletter Screenshot von meinem Computer, also von meinem geöffneten Browser. Ich habe aber zu keiner Zeit die Taste "Print Screen" gedrückt. Meine Frage daher: Handelt es sich dabei um eine Schad- oder Spysoftware, die ständig Screenshots macht und via Internet übermittelt? Software: - Mozilla 23.0.1 - Plugins up to date (außer bei Adobe Acrobat Reader X kommt immer die Meldung, es müsse aktualisiert werden, obwohl mehrmals gemacht) Windows Vista 32 BIT Virenscanner Avira Free AV Vielen Dank im Voraus für Eure Mithilfe  |
|
03.09.2013, 05:13
| #2 |
| /// the machine /// TB-Ausbilder    | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
03.09.2013, 14:18
| #3 |
| | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013
Ran by XXX (ATTENTION: The logged in user is not administrator) on XXX-PC on 03-09-2013 14:02:43
Running from C:\Users\XXX\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
(AVM Berlin) C:\Programme\ComCenter\IWatch.exe
(Totem Entertainment) C:\Users\XXX\AppData\Local\vghd\bin\vghd.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Users\XXX\AppData\Local\Mozilla Firefox\firefox.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Totem Entertainment) C:\Users\XXX\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TVBroadcast] - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [797696 2007-08-08] (ODSoft multimedia)
HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2007-09-07] (CyberLink Corp.)
HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-19] (CyberLink Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [x]
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-12] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-12] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-12] (NVIDIA Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-09-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\XXX\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk
ShortcutTarget: Start Freenet.lnk -> C:\Users\XXX\AppData\Local\Freenet\freenet.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk
ShortcutTarget: ISDNWatch.lnk -> C:\Programme\ComCenter\IWatch.exe (AVM Berlin)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9865AE8B-2F9C-4D59-B539-4B0938E0E0B0}: [NameServer]192.168.121.252,192.168.121.253
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: about:home
FF Keyword.URL: https://duckduckgo.com/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\startpage-https---deutsch.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: firefox - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\firefox@ghostery.com.xpi
FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
========================== Services (Whitelisted) =================
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-01] (Avira Operations GmbH & Co. KG)
R2 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [206128 2007-10-15] (AVM Berlin)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation)
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH)
R2 SystemStore; C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [14848 2012-04-24] ()
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] ()
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
==================== Drivers (Whitelisted) ====================
R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1242976 2007-08-22] (NXP Semiconductors Germany GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin)
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
S3 NETPPPOI; C:\Windows\System32\DRIVERS\NETPPPOI.SYS [334640 2007-10-15] (AVM Berlin)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [41456 2007-10-11] (Cyberlink Corp.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\HomeCinema\PowerDVD\000.fcl [41456 2007-10-09] (Cyberlink Corp.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST
2013-09-03 05:55 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-03 05:55 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-03 05:55 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-03 05:55 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-03 05:55 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-03 05:55 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-03 05:55 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-03 05:55 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-03 05:55 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-03 05:55 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-03 05:55 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-03 05:55 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-03 05:55 - 2009-07-14 14:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-09-03 05:21 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-03 05:21 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-03 05:21 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-03 05:21 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-03 05:21 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-03 05:21 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-03 05:21 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-03 05:21 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-03 05:21 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-03 05:21 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-03 05:21 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-03 05:21 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-03 05:21 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-03 05:21 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-03 05:21 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-03 05:21 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-03 05:20 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-09-03 05:19 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-03 05:14 - 2013-04-15 16:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-03 05:14 - 2013-04-13 12:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-03 05:14 - 2012-11-20 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-03 05:14 - 2012-11-02 12:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-03 05:14 - 2012-11-02 10:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-09-03 05:13 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-03 05:13 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-03 05:13 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-03 05:13 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-03 05:13 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-03 05:13 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-03 05:13 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-03 05:13 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-09-03 05:13 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-03 05:13 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-03 05:13 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-03 05:13 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-03 05:13 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-03 05:13 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-03 05:13 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-03 05:13 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-03 05:13 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-03 05:13 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-03 05:13 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-03 05:13 - 2013-03-09 05:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-03 05:13 - 2013-03-09 03:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-03 05:13 - 2013-03-03 21:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-03 05:13 - 2012-11-08 05:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-09-03 05:13 - 2012-11-02 12:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-03 05:13 - 2012-08-21 13:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-09-03 05:13 - 2012-06-29 18:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-03 05:12 - 2012-06-05 18:47 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-03 05:07 - 2013-03-08 05:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-03 04:41 - 2013-09-03 04:43 - 00000000 ____D C:\Windows\system32\MRT
2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2013-09-03 04:25 - 2012-12-16 15:12 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-03 04:25 - 2012-12-16 12:50 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-03 04:23 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-03 04:23 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-03 04:23 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-03 04:23 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-03 04:23 - 2012-05-11 17:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-03 04:22 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-03 04:22 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-03 04:22 - 2012-09-25 18:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-03 04:21 - 2013-02-12 03:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-03 04:20 - 2013-09-03 04:28 - 00000000 ____D C:\Users\XXX\Desktop\Screenshot
2013-09-03 04:20 - 2012-09-28 18:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-03 04:16 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-03 04:16 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-03 04:16 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-03 04:16 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-03 04:16 - 2013-03-08 05:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-03 04:16 - 2012-06-04 17:26 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-09-03 04:16 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-03 04:16 - 2012-05-01 16:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\XXX\Desktop\4. Schritt.txt
2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw(1).exe
2013-09-01 04:02 - 2013-09-01 04:03 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\AdbeRdr1014_de_DE(1).exe
2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\install_flash_player(1).exe
2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw.exe
2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-09-03 14:03 - 2011-03-05 12:35 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Macromedia
2013-09-03 14:02 - 2013-09-03 14:02 - 01084685 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST
2013-09-03 14:01 - 2011-03-05 01:23 - 01268844 _____ C:\Windows\WindowsUpdate.log
2013-09-03 13:57 - 2013-03-04 20:49 - 00000000 ____D C:\Users\XXX\AppData\Local\Freenet
2013-09-03 13:56 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 13:56 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 13:56 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 06:33 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-03 06:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-03 06:19 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-03 06:18 - 2006-11-02 12:33 - 01565338 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 06:05 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-03 06:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-03 05:48 - 2011-03-05 01:53 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004UA.job
2013-09-03 05:37 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-03 05:35 - 2012-11-23 11:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 05:21 - 2007-10-09 17:42 - 00000000 ____D C:\Program Files\Microsoft Works
2013-09-03 04:57 - 2013-05-20 01:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-03 04:57 - 2006-11-02 14:47 - 00372080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-03 04:55 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-03 04:43 - 2013-09-03 04:41 - 00000000 ____D C:\Windows\system32\MRT
2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2013-09-03 04:28 - 2013-09-03 04:20 - 00000000 ____D C:\Users\XXX\Desktop\Screenshot
2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\XXX\Desktop\4. Schritt.txt
2013-09-02 00:14 - 2011-03-05 04:00 - 00000000 ____D C:\Users\XXX
2013-09-01 04:11 - 2012-06-28 01:14 - 00007592 _____ C:\Users\XXX\AppData\Local\d3d9caps.dat
2013-09-01 04:11 - 2007-10-10 13:56 - 00220582 _____ C:\Windows\PFRO.log
2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw(1).exe
2013-09-01 04:03 - 2013-09-01 04:02 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\AdbeRdr1014_de_DE(1).exe
2013-09-01 03:59 - 2012-04-07 20:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-01 03:59 - 2011-05-23 09:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\install_flash_player(1).exe
2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw.exe
2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla Firefox
2013-08-05 16:00 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
Files to move or delete:
====================
C:\Users\ADMIN\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\ADMIN\AppData\Local\Temp\AskSLib.dll
C:\Users\ADMIN\AppData\Local\Temp\GDM189F.exe
C:\Users\ADMIN\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\ADMIN\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\ADMIN\AppData\Local\Temp\_WUTL95.DLL
C:\Users\ADMIN\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\29aed5.DLL
C:\Users\ADMIN\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll
C:\Users\ADMIN\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IsUninst.Exe
C:\Users\ADMIN\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\vcredist_x86.exe
C:\Users\ADMIN\AppData\Local\Temp\VSD8B8F.tmp\DotNetFX\dotnetchk.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\64bitProxy.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aebb.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aecore.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aeemu.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aegen.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aehelp.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aeheur.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aeoffice.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aepack.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aerdl.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aesbx.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aescn.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aescript.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\aevdf.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\apnic.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\apnstub.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\apntoolbarinstaller.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\AppRemover_64.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\AppRemover_API.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\AppRemover_CLI.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avacl.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avadmin.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avarkt.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avbb.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avcenter.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avconfig.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avconfig.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avesvc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avevtlog.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avghook.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avgio.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avgnt.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avguard.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avhlp.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avinet.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avipc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\AVManagerUnified.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avmres.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avnotify.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avpref.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avreg.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avrep.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avrestart.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avscan.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avscplr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avsda.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avsda64.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avsmtp.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avupgsvc.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwebgrd.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwebloader.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwebloader.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwebloadergui.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwinll.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwmi.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\avwsc.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccavscanex.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccev.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccevw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccgen.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccgenw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccgrdw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccguard.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\cchips.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\cclic.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\cclicw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccmsg.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccprofil.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccquamgr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccquaw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccreport.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccrepow.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccscanw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccsched.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccschedw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccupdate.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccupdw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccwgrd.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccwgrdw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ccwkrlib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\cfglib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\extdlgfw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\fact.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpavgio.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpevtlog.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpgavid.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpgen.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpgenrep.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpgrd.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpgui.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpipc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gplegacy.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\gpschd.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\grdcore.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\guardgui.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\imp64b.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\Impl_AntiphishingLib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\Impl_AntivirusLib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\Impl_FirewallLib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\Impl_SoftwareProductLib.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\inssda64.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\insthlp.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\ipmgui.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\libdb44.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\licmgr.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\luke.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\mgrs.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\msgclient.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\msvcp80.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\msvcr80.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\netnt.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\OESISCore.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\onlcfg.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\presetup.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcNwLoad_de.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_en.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_es.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_fr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_it.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_jp.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_ko.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_nl.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_pt.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_ru.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_tr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_zhcn.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\rcnwload_zhtw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\redist.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\scewxmlw.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\sched.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\setup.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\shlext.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\shlext64.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\sqlite3.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\thorwac.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\unacev2.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\update.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\update.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\updext.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\updgui.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\updrgui.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\vcredist_x86.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\webcat.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\wksstats.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\wsctool.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\xp\avshadow.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\vista64\avipc64.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\vista64\avshadow.exe
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avconfigrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avesvcr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avevtrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avnotify.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avscan.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\avwebgrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccavscanexrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccevrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccgenrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccgrdrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\cchipsrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\cclicrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccmainrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccmsgrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccquarc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccreporc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccscanrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccscherc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccupdrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\ccwgrdrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\factrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\guardmsg.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\licmgr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\lukeres.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\rchelp.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\rcimage.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\rctext.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\restartrc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\schedr.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\setup.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\updaterc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\updguirc.dll
C:\Users\ADMIN\AppData\Local\Temp\RarSFX0\de-de\webcatrc.dll
C:\Users\ADMIN\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll
C:\Users\ADMIN\AppData\Local\Temp\OCS\ocs_v5c.exe
C:\Users\ADMIN\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\f5acec4f7e49e78e07efbb83ebde7b79\setup-vghd.exe
C:\Users\ADMIN\AppData\Local\Temp\mProjector1640541402\mPlayer.3.1.1k.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86de.exe
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\Setup.exe
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupEngine.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUi.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUtility.exe
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\sqmapi.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1029\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1028\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1025\SetupResources.dll
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_13_modelsinstaller_logitech_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_16_helpinstaller_logitech_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_17_getmoreinstaller_logitech_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_21_lws_driver_installer_logitech_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_23_lws_sharedbin_installer_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_24_youku_32.exe
C:\Users\ADMIN\AppData\Local\Temp\lu\lws_4032_install_lu_logitech.exe
C:\Users\ADMIN\AppData\Local\Temp\Low\Google Toolbar\gtb58C.tmp.exe
C:\Users\ADMIN\AppData\Local\Temp\LogiUpdaterInstallerTemp\LDMRemover.exe
C:\Users\ADMIN\AppData\Local\Temp\13B.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\AskSLib.dll
C:\Users\XXX\AppData\Local\Temp\DivXSetup.exe
C:\Users\XXX\AppData\Local\Temp\dotNetFx40_Full_setup.exe
C:\Users\XXX\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\XXX\AppData\Local\Temp\i4jdel0.exe
C:\Users\XXX\AppData\Local\Temp\tmp4C11.tmp.exe
C:\Users\XXX\AppData\Local\Temp\tmp696D.tmp.exe
C:\Users\XXX\AppData\Local\Temp\tmp9237.tmp.exe
C:\Users\XXX\AppData\Local\Temp\tmp9FDE.tmp.exe
C:\Users\XXX\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\XXX\AppData\Local\Temp\{124F3851-B6AA-4F25-8702-7DCCDDEC645B}\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\VSDA73D.tmp\DotNetFX\dotnetchk.exe
C:\Users\XXX\AppData\Local\Temp\VSD7EC1.tmp\DotNetFX\dotnetchk.exe
C:\Users\XXX\AppData\Local\Temp\VSD2D66.tmp\DotNetFX\dotnetchk.exe
C:\Users\XXX\AppData\Local\Temp\Temp1_oilimperiumgeldtrainer.zip\OilImpMoney.exe
C:\Users\XXX\AppData\Local\Temp\mProjector1640541402\mPlayer.3.1.1k.dll
C:\Users\XXX\AppData\Local\Temp\DC5A.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\D336.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\CEC4.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\C429.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\A64D.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\8F44.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\8611.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\8575.dir\InstallFlashPlayer.exe
C:\Users\XXX\AppData\Local\Temp\8372.dir\InstallFlashPlayer.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013
Ran by xxx at 2013-09-03 14:05:27
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Flash Player ActiveX (Version: 9.0.47.0)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Adobe Shockwave Player (Version: 10.2.0.23)
ALDI Foto Manager Free Sued (Version: 3.4.0.466)
ALDI Online Druck Service (Sued)
ALDI Sued Foto Service (Version: 1.12.0.93)
Aldi Süd Fotoservice
Amazon MP3-Downloader 1.0.9
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Audiograbber 1.83 SE (Version: 1.83 SE )
Avira Free Antivirus (Version: 13.0.0.3885)
CameraHelperMsi (Version: 13.31.1038.0)
CCleaner (Version: 3.04)
ComCenter
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
ConvertHelper 2.2
DivX-Setup (Version: 2.5.0.8)
erLT (Version: 1.20.138.34)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Free CD Ripper V1.95 (Version: 1.95.0.0)
Free CD to MP3 Converter
Free FLV Converter V 7.1.0 (Version: 7.1.0.0)
Free Mp3 Wma Converter V 1.95 (Version: 1.95.0.0)
Freenet
Freez FLV to MP3 Converter (Version: 1.5)
GermaniX Transcoder (Version: 4.2)
Guck mal 12.0
Hex-Editor MX (Version: 6.0)
HP Foto- und Bildbearbeitung 2.0 - All-in-One (Version: 1.10.0000)
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber (Version: 1.10.0000)
ICQ7.4 (Version: 7.4)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.2.41.0 (Version: 12.2.41.0)
Intel® Viiv™ Software (Version: 1.7.512.0)
IrfanView (remove only) (Version: 4.32)
Jagged Alliance: Deadly Games
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Konfigurator Eumex 400
Letstrade (Version: 1.00.0000)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
MakeDisc (Version: 3.0.2203)
MCE Software Encoder 1.1 (Version: 1.1.0.1918)
MediaShow (Version: 3.0.4325)
MEDION Fotos auf CD Sued (Version: 6.0.2.0)
MEDIONbox (Version: 1.09.0000.00050)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 23.0.1 (x86 de) (HKCU Version: 23.0.1)
Mp3tag v2.51 (Version: v2.51)
MP4 To MP3 Converter V3.0
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials (Version: 8.10.124)
neroxml (Version: 1.0.0)
NVIDIA Drivers
OpenTTD 1.1.3 (Version: 1.1.3)
Orbit Downloader
PC Inspector File Recovery (Version: 4.0)
PhotoNow! 1.0 (Version: 3.0.4310)
Play Movie (Version: BD+HD 1.5.3307.0)
PowerDirector (Version: 6.5.2209a)
PowerDVD (Version: 7.3.3319c.0)
PowerProducer
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.5470)
Sceneo AbsolutTV
SimCity 2000® Special Edition
Skype™ 6.1 (Version: 6.1.129)
Steam (Version: 1.0.0.0)
TubeBox (Version: 3.5.2)
TV Enhance (Version: 1.0.4619)
TVsweeper (Version: 3.0.2)
Ulead PhotoImpact 12 (Version: 12.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
VirtuaGirl HD
VirtuaGirl version 1.0.8.2 (HKCU Version: 1.0.8.2)
WAV MP3 Converter v4.4 build 1429
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.11 (32-Bit) (Version: 4.11.0)
WISO Mein Geld 2008 Professional (Version: 9.00.01.0023)
WMPCDText 1.2 (Version: 1.2)
X10 Hardware(TM)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004UA.job => ?
==================== Loaded Modules (whitelisted) =============
2006-11-02 10:40 - 2006-11-02 11:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2011-05-26 13:19 - 2008-01-19 09:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2006-11-02 10:45 - 2006-11-02 11:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\pautoenr.dll
2011-05-26 18:20 - 2009-04-11 08:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\certenroll.dll
2011-05-26 18:20 - 2009-04-11 08:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2007-10-09 23:26 - 2007-09-12 10:58 - 04988928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2011-05-26 18:19 - 2009-04-11 08:28 - 00099328 _____ (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpband.dll
2011-05-26 18:20 - 2009-04-11 08:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2007-10-22 14:02 - 2007-09-07 01:26 - 01060864 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\PlayMovie\MFC71.DLL
2007-10-22 14:02 - 2007-09-07 01:26 - 00348160 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\PlayMovie\MSVCR71.dll
2007-10-22 14:02 - 2007-09-07 01:26 - 00499712 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\PlayMovie\MSVCP71.dll
2012-01-02 16:13 - 2003-03-19 06:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\MFC71DEU.DLL
2007-10-22 14:02 - 2007-10-19 17:42 - 01060864 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\TV Enhance\MFC71.DLL
2007-10-22 14:02 - 2007-10-19 17:42 - 00348160 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\TV Enhance\MSVCR71.dll
2007-10-22 14:02 - 2007-10-19 17:42 - 00499712 _____ (Microsoft Corporation) C:\Program Files\HomeCinema\TV Enhance\MSVCP71.dll
2007-10-09 17:05 - 2006-10-17 14:38 - 01286144 _____ (X10 Wireless Technology, Inc.) C:\Program Files\Common Files\X10\Common\x10net.dll
2007-10-22 14:03 - 2007-10-19 17:42 - 00114780 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2007-10-22 14:03 - 2007-10-19 17:42 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2007-10-22 14:03 - 2007-10-19 17:42 - 00245858 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2007-10-22 14:03 - 2007-10-19 17:42 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2007-10-15 16:18 - 2007-10-08 23:56 - 00258048 _____ (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
2007-10-15 16:18 - 2007-10-09 00:16 - 00077824 _____ (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_DEU.dll
2007-06-27 10:15 - 2007-06-27 10:15 - 00181976 _____ (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\bin\IntelDH.dll
2007-06-27 10:19 - 2007-06-27 10:19 - 00137432 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\bin\CCU_ResMgr.dll
2007-06-27 10:19 - 2007-06-27 10:19 - 00129240 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\CCU\Language\DEU\ccu.dll
2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2011-05-26 15:50 - 2011-03-03 17:40 - 00542720 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2007-10-09 23:26 - 2007-09-12 10:58 - 00081920 _____ (NVIDIA Corporation) C:\Windows\system32\NvMcTray.dll
2007-10-09 23:26 - 2007-09-12 10:58 - 00364544 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:58 - 2011-06-11 01:58 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2011-11-11 15:08 - 2011-11-11 15:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-01-17 23:44 - 2012-01-17 23:44 - 00561176 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\Main_Help.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 15:08 - 2011-11-11 15:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2007-10-09 23:26 - 2007-09-12 10:58 - 00086016 _____ (NVIDIA Corporation) C:\Windows\System32\NVSVC.DLL
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2006-11-02 11:11 - 2006-11-02 11:46 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2013-09-03 05:21 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-03 05:13 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2009-04-10 01:04 - 2009-04-10 01:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 23:53 - 2009-04-22 23:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00124320 _____ (FFMPEG.org) C:\Program Files\Logitech\Vid HD\avutil-49.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 03740560 _____ (FFMPEG.org) C:\Program Files\Logitech\Vid HD\avcodec-52.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00366768 _____ (FFMPEG.org) C:\Program Files\Logitech\Vid HD\avformat-52.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 01029464 _____ (dicas digital image coding GmbH) C:\Program Files\Logitech\Vid HD\H264VidEncodeAPI.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00079192 _____ (dicas digital image coding GmbH) C:\Program Files\Logitech\Vid HD\StreamIO2.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00103768 _____ (dicas digital image coding GmbH) C:\Program Files\Logitech\Vid HD\H264NvidiaVidDecodeAPI.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00427352 _____ (dicas digital image coding GmbH) C:\Program Files\Logitech\Vid HD\H264VidDecodeAPI.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00268048 _____ (LuraTech Imaging GmbH) C:\Program Files\Logitech\Vid HD\lwf_jp2.dll
2011-01-13 03:57 - 2011-01-13 03:57 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2011-01-13 03:57 - 2011-01-13 03:57 - 03590328 _____ (Intel Corporation) C:\Program Files\Logitech\Vid HD\libmmd.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00207872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\Logitech\Vid HD\ssleay32.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 01012224 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\Logitech\Vid HD\LIBEAY32.dll
2011-05-26 13:19 - 2008-01-19 09:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2007-10-09 23:26 - 2007-08-22 11:01 - 00105056 _____ (NXP Semiconductors Germany GmbH) C:\Windows\system32\NXPMV32.dll
2006-11-02 10:55 - 2006-11-02 11:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\vidcap.ax
2011-05-26 18:20 - 2009-04-11 08:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\kswdmcap.ax
2012-01-18 08:43 - 2012-01-18 08:43 - 00183320 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2011-05-26 13:19 - 2008-01-19 09:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2010-03-18 14:16 - 2010-03-18 14:16 - 00042312 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
2013-04-26 06:13 - 2013-04-26 06:13 - 06734472 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
2010-03-18 14:16 - 2010-03-18 14:16 - 00771424 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100_CLR0400.dll
2007-06-27 10:18 - 2007-06-27 10:18 - 00019160 _____ (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertServicePS.dll
2007-10-15 16:58 - 2007-10-15 16:58 - 01101824 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
2012-01-02 16:13 - 2007-12-06 02:07 - 00226608 _____ (Sequiter Software Inc.) C:\Programme\ComCenter\C80dll.dll
2007-10-15 16:58 - 2007-10-15 16:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80DEU.DLL
2012-01-02 16:13 - 2003-07-11 17:51 - 00031232 _____ (AVM Berlin GmbH) C:\Programme\ComCenter\I2errdeu.dll
2006-07-11 18:43 - 2006-07-11 18:43 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2007-10-15 17:22 - 2003-02-21 06:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll
2011-12-26 17:58 - 2011-10-27 17:49 - 00184832 _____ () C:\Users\xxx\AppData\Local\vghd\bin\dxmodules.dll
2011-12-26 17:58 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\vghd\bin\d3dx9_43.dll
2011-12-26 17:58 - 2011-12-15 16:30 - 00073216 _____ () C:\Users\xxx\AppData\Local\vghd\bin\System.dll
2006-11-02 10:33 - 2006-11-02 10:33 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\LZ32.dll
2011-12-26 17:58 - 2010-03-18 10:15 - 00421200 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\vghd\bin\MSVCP100.dll
2011-12-26 17:58 - 2011-02-19 01:40 - 00773968 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\vghd\bin\MSVCR100.dll
2011-12-26 17:58 - 2011-06-01 15:27 - 00818176 _____ () C:\Users\xxx\AppData\Local\vghd\bin\vhd.dll
2011-12-26 17:58 - 2011-06-01 15:28 - 00045056 _____ () C:\Users\xxx\AppData\Local\vghd\bin\Windows.dll
2011-12-26 17:58 - 2011-11-16 15:20 - 11159552 _____ () C:\Users\xxx\AppData\Local\vghd\bin\QtWebKit4.dll
2011-12-26 17:58 - 2011-11-16 14:18 - 00270336 _____ () C:\Users\xxx\AppData\Local\vghd\bin\phonon4.dll
2011-12-26 17:58 - 2011-11-16 14:12 - 08451072 _____ () C:\Users\xxx\AppData\Local\vghd\bin\QtGui4.dll
2011-12-26 17:58 - 2011-11-16 14:03 - 02349056 _____ () C:\Users\xxx\AppData\Local\vghd\bin\QtCore4.dll
2011-12-26 17:58 - 2011-11-16 14:04 - 00860160 _____ () C:\Users\xxx\AppData\Local\vghd\bin\QtNetwork4.dll
2011-12-26 17:58 - 2011-11-16 14:03 - 00358400 _____ () C:\Users\xxx\AppData\Local\vghd\bin\QtXml4.dll
2011-12-26 17:58 - 2011-11-16 15:32 - 00026624 _____ () C:\Users\xxx\AppData\Local\vghd\bin\imageformats\qgif4.dll
2011-12-26 17:58 - 2011-11-16 15:33 - 00029184 _____ () C:\Users\xxx\AppData\Local\vghd\bin\imageformats\qico4.dll
2011-12-26 17:59 - 2011-11-16 15:32 - 00200704 _____ () C:\Users\xxx\AppData\Local\vghd\bin\imageformats\qjpeg4.dll
2011-12-26 17:59 - 2011-11-16 15:32 - 00222720 _____ () C:\Users\xxx\AppData\Local\vghd\bin\imageformats\qmng4.dll
2011-12-26 17:59 - 2011-11-16 15:33 - 00287232 _____ () C:\Users\xxx\AppData\Local\vghd\bin\imageformats\qtiff4.dll
2013-09-01 03:51 - 2012-06-22 00:26 - 00770384 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Mozilla Firefox\MSVCR100.dll
2013-09-01 03:51 - 2012-06-22 00:26 - 00421200 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Mozilla Firefox\MSVCP100.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00158104 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\mozglue.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 01914264 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\nss3.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 03551640 _____ () C:\Users\xxx\AppData\Local\Mozilla Firefox\mozjs.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00016280 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\mozalloc.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 03429784 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\gkmedias.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 20616088 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\xul.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00262552 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\browser\components\browsercomps.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00152984 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\softokn3.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00091544 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\nssdbm3.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00301976 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\freebl3.dll
2013-09-01 03:51 - 2013-09-01 03:51 - 00392600 _____ (Mozilla Foundation) C:\Users\xxx\AppData\Local\Mozilla Firefox\nssckbi.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00635928 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\CameraHelperUI.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00389656 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\CameraControlsUI.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00206360 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\VFXCore.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00347160 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\CameraControls_Core.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00148504 _____ (Logitech Inc.) C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\VideoEffects.dll
2011-08-12 13:19 - 2011-08-12 13:19 - 00060952 _____ (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManagerPS.dll
2011-11-11 15:09 - 2011-11-11 15:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\Users\xxx\5 POMPOMS.mp4:TOC.WMV
AlternateDataStreams: C:\Users\xxx\Manian feat. Carlprit - Don_t Stop The Dancing (Official Vid.mp4:TOC.WMV
==================== Faulty Device Manager Devices =============
Name: 802.11 n/g/b Wireless LAN USB Adapter
Description: 802.11 n/g/b Wireless LAN USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AzureWave Technologies, Inc.
Service: netr28u
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: PPP over ISDN
Description: PPP over ISDN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AVM
Service: NETPPPOI
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2013 06:00:59 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
Error: (09/03/2013 04:44:46 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/03/2013 04:37:06 AM) (Source: MsiInstaller) (User: xxx-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
Error: (09/03/2013 04:33:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/03/2013 04:29:18 AM) (Source: MsiInstaller) (User: xxx-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Während der Installation der Assembly "Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"" ist ein Fehler aufgetreten. Weitere Informationen finden Sie unter Hilfe und Support. HRESULT: 0x80070BC9, Assemblyschnittstelle: IAssemblyCacheItem, Funktion: Commit, Komponente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (09/03/2013 04:26:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:09:50 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung MsiExec.exe, Version 4.5.6002.18005, Zeitstempel 0x49e01c42, fehlerhaftes Modul MSIFD32.tmp, Version 1.0.0.0, Zeitstempel 0x51c4bba9, Ausnahmecode 0xc0000417, Fehleroffset 0x00015505,
Prozess-ID 0x1e6c, Anwendungsstartzeit MsiExec.exe0.
Error: (09/01/2013 04:07:27 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:07:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:04:33 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
System errors:
=============
Error: (09/03/2013 06:07:53 AM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{7FA6207C-FA60-4C3B-A1C0-165D0EA7E675} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (09/03/2013 06:02:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243){729A0DCB-DF9E-4D02-B603-ED1AEE074428}104
Error: (09/03/2013 04:38:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243){729A0DCB-DF9E-4D02-B603-ED1AEE074428}104
Error: (09/01/2013 03:56:36 AM) (Source: Service Control Manager) (User: )
Description: Avira Echtzeit-Scanner101Neustart des Diensts
Error: (09/01/2013 03:56:36 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5
Error: (09/01/2013 03:56:35 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5
Error: (05/17/2013 11:43:58 AM) (Source: Service Control Manager) (User: )
Description: X10 Device Network Service%%1053
Error: (05/17/2013 11:43:58 AM) (Source: Service Control Manager) (User: )
Description: 30000X10 Device Network Service
Error: (04/10/2013 08:32:01 PM) (Source: Service Control Manager) (User: )
Description: System Store%%1053
Error: (04/10/2013 08:32:01 PM) (Source: Service Control Manager) (User: )
Description: 30000System Store
Microsoft Office Sessions:
=========================
Error: (09/03/2013 06:00:59 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)
Error: (09/03/2013 04:44:46 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/03/2013 04:37:06 AM) (Source: MsiInstaller)(User: xxx-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}(NULL)(NULL)(NULL)(NULL)
Error: (09/03/2013 04:33:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/03/2013 04:29:18 AM) (Source: MsiInstaller)(User: xxx-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Während der Installation der Assembly "Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"" ist ein Fehler aufgetreten. Weitere Informationen finden Sie unter Hilfe und Support. HRESULT: 0x80070BC9, Assemblyschnittstelle: IAssemblyCacheItem, Funktion: Commit, Komponente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)
Error: (09/03/2013 04:26:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:09:50 AM) (Source: Application Error)(User: )
Description: MsiExec.exe4.5.6002.1800549e01c42MSIFD32.tmp1.0.0.051c4bba9c0000417000155051e6c01cea6b854e2bcf0
Error: (09/01/2013 04:07:27 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:07:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (09/01/2013 04:04:33 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
CodeIntegrity Errors:
===================================
Date: 2013-03-06 17:09:54.294
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-06 17:09:54.202
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-06 05:35:23.167
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-06 05:35:23.086
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:46:43.723
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:46:43.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:46:00.251
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:46:00.180
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:31:39.097
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-03 01:31:39.025
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvd3dum.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 66%
Total physical RAM: 2045.45 MB
Available physical RAM: 676.02 MB
Total Pagefile: 4337.92 MB
Available Pagefile: 2352.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.93 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:303.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:8.43 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
03.09.2013, 20:19
| #4 | |
| /// the machine /// TB-Ausbilder | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware?Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.09.2013, 21:27
| #5 |
| | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Voilà: Code:
ATTFilter ComboFix 13-09-02.02 - ADMIN 03.09.2013 22:07:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.593 [GMT 2:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-03 bis 2013-09-03 ))))))))))))))))))))))))))))))
.
.
2013-09-03 20:18 . 2013-09-03 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-03 20:18 . 2013-09-03 20:20 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2013-09-03 20:18 . 2013-09-03 20:18 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2013-09-03 12:02 . 2013-09-03 12:02 -------- d-----w- C:\FRST
2013-09-03 03:55 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-03 03:55 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-03 03:55 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-03 03:55 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-03 03:55 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-03 03:55 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-03 03:55 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-03 03:55 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-09-03 03:55 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-03 03:55 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-03 03:55 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-03 03:20 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2013-09-03 03:19 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-03 03:14 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-03 03:14 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-09-03 03:14 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-09-03 03:14 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-09-03 03:14 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-03 03:12 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-09-03 03:07 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-09-03 02:41 . 2013-09-03 02:43 -------- d-----w- c:\windows\system32\MRT
2013-09-03 02:33 . 2013-09-03 02:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2013-09-03 02:25 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-09-03 02:25 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-03 02:23 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-03 02:23 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-09-03 02:23 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-03 02:23 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-09-03 02:22 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-09-03 02:22 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-03 02:22 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-09-03 02:21 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-09-03 02:16 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-09-03 02:16 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-03 02:16 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-03 02:16 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2013-09-03 02:16 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-09-03 02:16 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-09-03 02:16 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-03 02:16 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-03 02:16 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-09-03 02:16 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-03 02:16 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-09-03 02:16 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-09-01 01:51 . 2013-09-01 01:51 -------- d-----w- c:\users\XXX\AppData\Local\Mozilla Firefox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-01 01:59 . 2012-04-07 18:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-01 01:59 . 2011-05-23 07:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\programme\Steam\Steam.exe" [2009-09-14 1217808]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe" [2007-09-06 172032]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-01 345144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Ereg\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\programme\ComCenter\IWatch.exe [2012-1-2 275760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-08-22 1242976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:59]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004Core.job
- c:\users\ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 23:53]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004UA.job
- c:\users\ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 23:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9865AE8B-2F9C-4D59-B539-4B0938E0E0B0}: NameServer = 192.168.121.252,192.168.121.253
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-c:\users\XXX\AppData\Local\Temp\tmp9FDE.tmp.exe - c:\users\XXX\AppData\Local\Temp\tmp9FDE.tmp.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk - c:\users\ADMIN\AppData\Local\vghd\bin\vghd.exe -
fromStartup
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk - c:\users\ADMIN\AppData\Local\Freenet\freenet.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ComCenter 1.0 - c:\windows\IsUn0407.exe
AddRemove-Konfigurator Eumex 400 - c:\windows\IsUn0407.exe
AddRemove-vghd - c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-03 22:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\ADMIN\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
Zeit der Fertigstellung: 2013-09-03 22:23:13
ComboFix-quarantined-files.txt 2013-09-03 20:23
.
Vor Suchlauf: 29 Verzeichnis(se), 325.800.050.688 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 331.330.924.544 Bytes frei
.
- - End Of File - - 370C35ABB5085A66D798A7C2E194E474
671B81004FDD1588FA9ED1331C9CECA9
|
|
04.09.2013, 09:01
| #6 |
| /// the machine /// TB-Ausbilder | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? |
|
04.09.2013, 12:01
| #7 |
| | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Hallo Schrauber und vielen Dank nochmal für Deine ausführliche Hilfe!  Kurze Zwischenfrage: Ist es denn bis jetzt schon ersichtlich, dass Malware auf dem PC ist? Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.04.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 xxx :: xxx-PC [limitiert] 04.09.2013 11:53:33 mbam-log-2013-09-04 (11-53-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 188762 Laufzeit: 6 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\xxx\Downloads\agsetup183se.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\xxx\Downloads\SoftonicDownloader_fuer_germanix-transcoder.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\xxx\Downloads\SoftonicDownloader_fuer_total-audio-converter.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.002 - Bericht erstellt am 04/09/2013 um 12:13:38
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : ADMIN - xxx-PC
# Gestartet von : C:\Users\xxx\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : \vghd
Ordner Gelöscht : C:\Program Files\Freemium
Ordner Gelöscht : C:\Program Files\vghd
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\vghd
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\Freemium
Ordner Gelöscht : C:\Users\xxx\AppData\Local\vghd
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Freemium
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\jetpack
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\foxydeal.sqlite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16502
-\\ Google Chrome v
[ Datei : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2069 octets] - [04/09/2013 12:12:22]
AdwCleaner[S0].txt - [2010 octets] - [04/09/2013 12:13:38]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2070 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by ADMIN on 04.09.2013 at 12:23:10,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2013 at 12:25:46,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 Ran by xxx (ATTENTION: The logged in user is not administrator) on xxx-PC on 04-09-2013 12:45:41 Running from C:\Users\xxx\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Mozilla Corporation) C:\Users\xxx\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Users\xxx\AppData\Local\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Microsoft Corporation) C:\Windows\system32\mspaint.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TVBroadcast] - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [797696 2007-08-08] (ODSoft multimedia) HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2007-09-07] (CyberLink Corp.) HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-19] (CyberLink Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor) HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation) HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation) HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation) HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.) HKCU\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.) Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk ShortcutTarget: ISDNWatch.lnk -> C:\Programme\ComCenter\IWatch.exe (AVM Berlin) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{9865AE8B-2F9C-4D59-B539-4B0938E0E0B0}: [NameServer]192.168.121.252,192.168.121.253 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default FF DefaultSearchEngine: Startpage HTTPS - Deutsch FF SelectedSearchEngine: Startpage HTTPS - Deutsch FF Homepage: about:home FF Keyword.URL: https://duckduckgo.com/?q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\duckduckgo-1.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\searchplugins\startpage-https---deutsch.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\ich@maltegoetz.de FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: DownloadHelper - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: firefox - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\firefox@ghostery.com.xpi FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dsseotqr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa ========================== Services (Whitelisted) ================= R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [206128 2007-10-15] (AVM Berlin) S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation) R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] () S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] () R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation) R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation) R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH) R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] () R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] () R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10) S2 SystemStore; "C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1242976 2007-08-22] (NXP Semiconductors Germany GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation) S3 NETPPPOI; C:\Windows\System32\DRIVERS\NETPPPOI.SYS [334640 2007-10-15] (AVM Berlin) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] () R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [41456 2007-10-11] (Cyberlink Corp.) R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\HomeCinema\PowerDVD\000.fcl [41456 2007-10-09] (Cyberlink Corp.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 catchme; \??\C:\Users\ADMIN\AppData\Local\Temp\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-04 12:41 - 2013-09-04 12:41 - 00000000 ___SD C:\32788R22FWJFW 2013-09-04 12:40 - 2013-09-04 12:40 - 00000634 _____ C:\Users\xxx\Desktop\JRT.txt 2013-09-04 12:39 - 2013-09-04 12:39 - 00002148 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt 2013-09-04 12:25 - 2013-09-04 12:25 - 00000634 _____ C:\Users\ADMIN\Desktop\JRT.txt 2013-09-04 12:23 - 2013-09-04 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe 2013-09-04 12:12 - 2013-09-04 12:14 - 00000000 ____D C:\AdwCleaner 2013-09-04 12:11 - 2013-09-04 12:05 - 01037222 _____ C:\Users\xxx\Desktop\adwcleaner.exe 2013-09-04 12:07 - 2013-09-04 12:07 - 00614816 _____ C:\Users\xxx\Downloads\AdwCl3.001.exe 2013-09-04 12:05 - 2013-09-04 12:05 - 01037222 _____ C:\Users\xxx\Downloads\adwcleaner.exe 2013-09-04 11:49 - 2013-09-04 11:49 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-04 11:49 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-04 11:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-04 11:46 - 2013-09-04 11:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-03 22:24 - 2013-09-03 22:25 - 00011828 _____ C:\Users\xxx\Desktop\ComboFix.txt 2013-09-03 22:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-03 22:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-03 22:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-03 22:02 - 2013-09-04 12:42 - 00000000 ____D C:\Qoobox 2013-09-03 22:02 - 2013-09-03 22:22 - 00000000 ____D C:\Windows\erdnt 2013-09-03 22:01 - 2013-09-03 21:58 - 05119472 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe 2013-09-03 21:58 - 2013-09-03 21:58 - 05119472 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe 2013-09-03 14:05 - 2013-09-03 15:14 - 00036063 _____ C:\Users\xxx\Downloads\Addition.txt 2013-09-03 14:02 - 2013-09-03 14:02 - 01084685 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe 2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST 2013-09-03 05:55 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-09-03 05:55 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2013-09-03 05:55 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2013-09-03 05:55 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2013-09-03 05:55 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2013-09-03 05:55 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2013-09-03 05:55 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2013-09-03 05:55 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-09-03 05:55 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2013-09-03 05:55 - 2009-07-14 14:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2013-09-03 05:21 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-03 05:21 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-03 05:21 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-03 05:21 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-03 05:21 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-03 05:21 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-03 05:21 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-03 05:21 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-03 05:21 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-03 05:21 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-03 05:21 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-03 05:20 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2013-09-03 05:19 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-09-03 05:14 - 2013-04-15 16:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-09-03 05:14 - 2013-04-13 12:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-09-03 05:14 - 2012-11-20 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-09-03 05:14 - 2012-11-02 12:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2013-09-03 05:14 - 2012-11-02 10:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2013-09-03 05:13 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-03 05:13 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-03 05:13 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-03 05:13 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-09-03 05:13 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-03 05:13 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-09-03 05:13 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-09-03 05:13 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2013-09-03 05:13 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-09-03 05:13 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-09-03 05:13 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-09-03 05:13 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-09-03 05:13 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-09-03 05:13 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-09-03 05:13 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-09-03 05:13 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-09-03 05:13 - 2013-03-09 05:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-03 05:13 - 2013-03-09 03:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-03 05:13 - 2013-03-03 21:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-09-03 05:13 - 2012-11-08 05:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2013-09-03 05:13 - 2012-11-02 12:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2013-09-03 05:13 - 2012-08-21 13:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2013-09-03 05:13 - 2012-06-29 18:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2013-09-03 05:12 - 2012-06-05 18:47 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2013-09-03 05:07 - 2013-03-08 05:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-09-03 04:41 - 2013-09-03 04:43 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2 2013-09-03 04:25 - 2012-12-16 15:12 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-09-03 04:25 - 2012-12-16 12:50 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-09-03 04:23 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-03 04:23 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-09-03 04:23 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-09-03 04:23 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-03 04:23 - 2012-05-11 17:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-09-03 04:22 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-09-03 04:22 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-03 04:22 - 2012-09-25 18:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2013-09-03 04:21 - 2013-02-12 03:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2013-09-03 04:20 - 2013-09-04 12:36 - 00000000 ____D C:\Users\xxx\Desktop\Screenshot 2013-09-03 04:20 - 2012-09-28 18:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-03 04:16 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-03 04:16 - 2013-03-08 05:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-03 04:16 - 2012-06-04 17:26 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-09-03 04:16 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-09-03 04:16 - 2012-05-01 16:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\xxx\4. Schritt.txt 2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586-iftw(1).exe 2013-09-01 04:02 - 2013-09-01 04:03 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\xxx\Downloads\AdbeRdr1014_de_DE(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\xxx\Downloads\install_flash_player(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586-iftw.exe 2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\xxx\AppData\Local\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-09-04 12:42 - 2013-09-04 12:41 - 00000000 ___SD C:\ComboFix 2013-09-04 12:42 - 2013-09-03 22:02 - 00000000 ____D C:\Qoobox 2013-09-04 12:42 - 2012-10-13 14:35 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype 2013-09-04 12:41 - 2013-09-04 12:41 - 00000000 ___SD C:\32788R22FWJFW 2013-09-04 12:40 - 2013-09-04 12:40 - 00000634 _____ C:\Users\xxx\Desktop\JRT.txt 2013-09-04 12:39 - 2013-09-04 12:39 - 00002148 _____ C:\Users\xxx\Desktop\AdwCleaner[S0].txt 2013-09-04 12:36 - 2013-09-03 04:20 - 00000000 ____D C:\Users\xxx\Desktop\Screenshot 2013-09-04 12:35 - 2012-11-23 11:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-04 12:34 - 2011-03-05 12:35 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Macromedia 2013-09-04 12:32 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-04 12:32 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-04 12:32 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-04 12:31 - 2011-03-05 01:23 - 01300883 _____ C:\Windows\WindowsUpdate.log 2013-09-04 12:31 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-04 12:25 - 2013-09-04 12:25 - 00000634 _____ C:\Users\ADMIN\Desktop\JRT.txt 2013-09-04 12:23 - 2013-09-04 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe 2013-09-04 12:14 - 2013-09-04 12:12 - 00000000 ____D C:\AdwCleaner 2013-09-04 12:07 - 2013-09-04 12:07 - 00614816 _____ C:\Users\xxx\Downloads\AdwCl3.001.exe 2013-09-04 12:05 - 2013-09-04 12:11 - 01037222 _____ C:\Users\xxx\Desktop\adwcleaner.exe 2013-09-04 12:05 - 2013-09-04 12:05 - 01037222 _____ C:\Users\xxx\Downloads\adwcleaner.exe 2013-09-04 12:02 - 2012-06-28 01:14 - 00007592 _____ C:\Users\xxx\AppData\Local\d3d9caps.dat 2013-09-04 11:49 - 2013-09-04 11:49 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-04 11:49 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-04 11:48 - 2011-03-05 01:53 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004UA.job 2013-09-04 11:46 - 2013-09-04 11:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-04 11:45 - 2012-10-27 11:03 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 11:45 - 2012-10-27 11:03 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-04 11:39 - 2007-10-10 13:56 - 00221128 _____ C:\Windows\PFRO.log 2013-09-03 22:25 - 2013-09-03 22:24 - 00011828 _____ C:\Users\xxx\Desktop\ComboFix.txt 2013-09-03 22:23 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-09-03 22:23 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-09-03 22:22 - 2013-09-03 22:02 - 00000000 ____D C:\Windows\erdnt 2013-09-03 22:20 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-09-03 22:01 - 2011-03-05 04:00 - 00000000 ____D C:\Users\xxx 2013-09-03 21:58 - 2013-09-03 22:01 - 05119472 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe 2013-09-03 21:58 - 2013-09-03 21:58 - 05119472 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe 2013-09-03 21:55 - 2013-03-04 20:49 - 00000000 ____D C:\Users\xxx\AppData\Local\Freenet 2013-09-03 15:14 - 2013-09-03 14:05 - 00036063 _____ C:\Users\xxx\Downloads\Addition.txt 2013-09-03 14:25 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-03 14:02 - 2013-09-03 14:02 - 01084685 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe 2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST 2013-09-03 06:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-09-03 06:18 - 2006-11-02 12:33 - 01565338 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-03 06:05 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-09-03 06:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-03 05:37 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2013-09-03 05:21 - 2007-10-09 17:42 - 00000000 ____D C:\Program Files\Microsoft Works 2013-09-03 04:57 - 2013-05-20 01:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-03 04:57 - 2006-11-02 14:47 - 00372080 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-03 04:55 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-09-03 04:43 - 2013-09-03 04:41 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2 2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\xxx\4. Schritt.txt 2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586-iftw(1).exe 2013-09-01 04:03 - 2013-09-01 04:02 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\xxx\Downloads\AdbeRdr1014_de_DE(1).exe 2013-09-01 03:59 - 2012-04-07 20:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-01 03:59 - 2011-05-23 09:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\xxx\Downloads\install_flash_player(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\xxx\Downloads\jre-7u25-windows-i586-iftw.exe 2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\xxx\AppData\Local\Mozilla Firefox 2013-08-05 16:00 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete: ==================== C:\Users\ADMIN\AppData\Local\Temp\Quarantine.exe C:\Users\ADMIN\AppData\Local\Temp\jrt\erunt\ERUNT.EXE C:\Users\xxx\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- --- --- --- |
|
04.09.2013, 16:05
| #8 |
| /// the machine /// TB-Ausbilder | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Ja, es war drauf ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.09.2013, 17:47
| #9 |
| | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? So dass sind ja bis jetzt ne ganze Menge an Programmen gewesen^^ Ich persönlich kannte nur Malwarebytes... Ich hätte da bitte noch ein paar Zwischenfragen: 1) Was für ein Schadprogramm war es denn genau bzw. mit welcher Funktion? 2) Sind jetzt alle meine Passwörter obsolet geworden? Ich habe auch Online-Banking & Paypal benutzt.. 3) Welche Risiken gibt es jetzt? Muss ich etwas sperren?  für Deinen Support! Eset Smartinstaller Code:
ATTFilter Results of screen317's Security Check version 0.99.72 Windows Vista Service Pack 2 x86 Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.4 Adobe Reader out of Date! Google Chrome 17.0.963.56 Google Chrome 19.0.1084.46 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5b5f342ca23d4241a10a8c286d0ddedb
# engine=15010
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-04 03:15:58
# local_time=2013-09-04 05:15:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 0 243731048 12561 0
# compatibility_mode=5892 16776574 100 100 41148925 215840486 0 0
# scanned=1048
# found=0
# cleaned=0
# scan_time=40
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5b5f342ca23d4241a10a8c286d0ddedb
# engine=15010
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-04 04:20:57
# local_time=2013-09-04 06:20:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 0 243734947 16460 0
# compatibility_mode=5892 16776574 100 100 41152824 215844385 0 0
# scanned=179687
# found=0
# cleaned=0
# scan_time=3841
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03 Ran by ADMIN (administrator) on XXX-PC on 04-09-2013 18:36:28 Running from C:\Users\XXX\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ODSoft multimedia) C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe (AVM Berlin) C:\Programme\ComCenter\IWatch.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files\Common Files\AVM\de_serv.exe () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe (X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe () C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe (Intel(R) Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Users\XXX\AppData\Local\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Farbar) C:\Users\XXX\Desktop\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TVBroadcast] - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [797696 2007-08-08] (ODSoft multimedia) HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2007-09-07] (CyberLink Corp.) HKLM\...\Run: [TVEService] - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [155648 2007-10-19] (CyberLink Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-08-17] (Realtek Semiconductor) HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation) HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation) HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel(R) Corporation) HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-12] (NVIDIA Corporation) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [Steam] - C:\Programme\Steam\Steam.exe [1217808 2009-09-14] (Valve Corporation) HKCU\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.) HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk ShortcutTarget: ISDNWatch.lnk -> C:\Programme\ComCenter\IWatch.exe (AVM Berlin) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{9865AE8B-2F9C-4D59-B539-4B0938E0E0B0}: [NameServer]192.168.121.252,192.168.121.253 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Extension: (DivX HiQ) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0 CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx CHR StartMenuInternet: Google Chrome - C:\Users\ADMIN\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel(R) Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [206128 2007-10-15] (AVM Berlin) S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel(R) Corporation) R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] () S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel(R) Corporation) R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] () R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel(R) Corporation) R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel(R) Corporation) R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel(R) Corporation) R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel(R) Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1681408 2007-08-16] (Buhl Data Service GmbH) R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [290909 2007-10-19] () R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [114779 2007-10-19] () R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10) S2 SystemStore; "C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1242976 2007-08-22] (NXP Semiconductors Germany GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG) R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-08-15] (AVM GmbH) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 fxusbase; C:\Windows\System32\DRIVERS\fxusbase.sys [567936 2007-08-15] (AVM Berlin) R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation) S3 NETPPPOI; C:\Windows\System32\DRIVERS\NETPPPOI.SYS [334640 2007-10-15] (AVM Berlin) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] () R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [41456 2007-10-11] (Cyberlink Corp.) R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\HomeCinema\PowerDVD\000.fcl [41456 2007-10-09] (Cyberlink Corp.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 catchme; \??\C:\Users\ADMIN\AppData\Local\Temp\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-04 18:35 - 2013-09-04 18:36 - 01084575 _____ (Farbar) C:\Users\XXX\Downloads\FRST(1).exe 2013-09-04 18:35 - 2013-09-04 18:27 - 00000959 _____ C:\Users\XXX\Desktop\checkup.txt 2013-09-04 18:27 - 2013-09-04 18:27 - 00000959 _____ C:\Users\ADMIN\Desktop\checkup.txt 2013-09-04 18:24 - 2013-09-04 18:23 - 00891115 _____ C:\Users\XXX\Desktop\SecurityCheck.exe 2013-09-04 18:23 - 2013-09-04 18:23 - 00891115 _____ C:\Users\XXX\Downloads\SecurityCheck.exe 2013-09-04 17:46 - 2013-09-04 17:46 - 95863165 _____ C:\Windows\system32\他쑻᭄¨ 2013-09-04 17:13 - 2013-09-04 17:13 - 00000000 ____D C:\Program Files\ESET 2013-09-04 17:12 - 2013-09-04 17:11 - 02347384 _____ (ESET) C:\Users\XXX\Desktop\esetsmartinstaller_enu.exe 2013-09-04 17:11 - 2013-09-04 17:11 - 02347384 _____ (ESET) C:\Users\XXX\Downloads\esetsmartinstaller_enu.exe 2013-09-04 13:39 - 2013-09-04 13:44 - 00000000 ____D C:\Users\XXX\Desktop\PUNX 2013-09-04 12:46 - 2013-09-04 12:46 - 00035828 _____ C:\Users\XXX\Downloads\FRST.txt 2013-09-04 12:41 - 2013-09-04 12:42 - 00000000 ___SD C:\ComboFix 2013-09-04 12:41 - 2013-09-04 12:41 - 00000000 ___SD C:\32788R22FWJFW 2013-09-04 12:40 - 2013-09-04 12:40 - 00000634 _____ C:\Users\XXX\Desktop\JRT.txt 2013-09-04 12:39 - 2013-09-04 12:55 - 00002134 _____ C:\Users\XXX\Desktop\AdwCleaner[S0].txt 2013-09-04 12:25 - 2013-09-04 12:25 - 00000634 _____ C:\Users\ADMIN\Desktop\JRT.txt 2013-09-04 12:23 - 2013-09-04 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\XXX\Desktop\JRT.exe 2013-09-04 12:12 - 2013-09-04 12:14 - 00000000 ____D C:\AdwCleaner 2013-09-04 12:11 - 2013-09-04 12:05 - 01037222 _____ C:\Users\XXX\Desktop\adwcleaner.exe 2013-09-04 12:07 - 2013-09-04 12:07 - 00614816 _____ C:\Users\XXX\Downloads\AdwCl3.001.exe 2013-09-04 12:05 - 2013-09-04 12:05 - 01037222 _____ C:\Users\XXX\Downloads\adwcleaner.exe 2013-09-04 11:49 - 2013-09-04 11:49 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-04 11:49 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-04 11:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-04 11:46 - 2013-09-04 11:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-03 22:24 - 2013-09-03 22:25 - 00011828 _____ C:\Users\XXX\Desktop\ComboFix.txt 2013-09-03 22:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-03 22:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-03 22:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-03 22:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-03 22:02 - 2013-09-04 12:42 - 00000000 ____D C:\Qoobox 2013-09-03 22:02 - 2013-09-03 22:22 - 00000000 ____D C:\Windows\erdnt 2013-09-03 22:01 - 2013-09-03 21:58 - 05119472 ____R (Swearware) C:\Users\XXX\Desktop\ComboFix.exe 2013-09-03 21:58 - 2013-09-03 21:58 - 05119472 _____ (Swearware) C:\Users\XXX\Downloads\ComboFix.exe 2013-09-03 14:05 - 2013-09-03 15:14 - 00036063 _____ C:\Users\XXX\Downloads\Addition.txt 2013-09-03 14:02 - 2013-09-03 14:02 - 01084685 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe 2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST 2013-09-03 05:55 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-09-03 05:55 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2013-09-03 05:55 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2013-09-03 05:55 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2013-09-03 05:55 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2013-09-03 05:55 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2013-09-03 05:55 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2013-09-03 05:55 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2013-09-03 05:55 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-09-03 05:55 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2013-09-03 05:55 - 2009-07-14 14:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2013-09-03 05:21 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-03 05:21 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-03 05:21 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-03 05:21 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-03 05:21 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-03 05:21 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-03 05:21 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-03 05:21 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-03 05:21 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-03 05:21 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-03 05:21 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-03 05:21 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-03 05:20 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll 2013-09-03 05:19 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-09-03 05:14 - 2013-04-15 16:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-09-03 05:14 - 2013-04-13 12:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-09-03 05:14 - 2012-11-20 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-09-03 05:14 - 2012-11-02 12:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll 2013-09-03 05:14 - 2012-11-02 10:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe 2013-09-03 05:13 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-03 05:13 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-03 05:13 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-03 05:13 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-09-03 05:13 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-03 05:13 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-09-03 05:13 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-09-03 05:13 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2013-09-03 05:13 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-09-03 05:13 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-09-03 05:13 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-09-03 05:13 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-09-03 05:13 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-09-03 05:13 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-09-03 05:13 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-09-03 05:13 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-09-03 05:13 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-09-03 05:13 - 2013-03-09 05:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-03 05:13 - 2013-03-09 03:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-03 05:13 - 2013-03-03 21:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-09-03 05:13 - 2012-11-08 05:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2013-09-03 05:13 - 2012-11-02 12:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2013-09-03 05:13 - 2012-08-21 13:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2013-09-03 05:13 - 2012-06-29 18:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2013-09-03 05:12 - 2012-06-05 18:47 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2013-09-03 05:07 - 2013-03-08 05:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-09-03 04:41 - 2013-09-03 04:43 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2 2013-09-03 04:25 - 2012-12-16 15:12 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-09-03 04:25 - 2012-12-16 12:50 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-09-03 04:23 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-03 04:23 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-09-03 04:23 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-09-03 04:23 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-03 04:23 - 2012-05-11 17:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-09-03 04:22 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-09-03 04:22 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-03 04:22 - 2012-09-25 18:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll 2013-09-03 04:21 - 2013-02-12 03:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2013-09-03 04:20 - 2013-09-04 12:36 - 00000000 ____D C:\Users\XXX\Desktop\Screenshot 2013-09-03 04:20 - 2012-09-28 18:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-03 04:16 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-03 04:16 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-03 04:16 - 2013-03-08 05:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-03 04:16 - 2012-06-04 17:26 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-09-03 04:16 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-09-03 04:16 - 2012-05-01 16:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\XXX\4. Schritt.txt 2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw(1).exe 2013-09-01 04:02 - 2013-09-01 04:03 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\AdbeRdr1014_de_DE(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\install_flash_player(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw.exe 2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-09-04 18:36 - 2013-09-04 18:35 - 01084575 _____ (Farbar) C:\Users\XXX\Downloads\FRST(1).exe 2013-09-04 18:35 - 2012-11-23 11:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-04 18:27 - 2013-09-04 18:35 - 00000959 _____ C:\Users\XXX\Desktop\checkup.txt 2013-09-04 18:27 - 2013-09-04 18:27 - 00000959 _____ C:\Users\ADMIN\Desktop\checkup.txt 2013-09-04 18:23 - 2013-09-04 18:24 - 00891115 _____ C:\Users\XXX\Desktop\SecurityCheck.exe 2013-09-04 18:23 - 2013-09-04 18:23 - 00891115 _____ C:\Users\XXX\Downloads\SecurityCheck.exe 2013-09-04 17:47 - 2011-03-05 01:53 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004UA.job 2013-09-04 17:46 - 2013-09-04 17:46 - 95863165 _____ C:\Windows\system32\他쑻᭄¨ 2013-09-04 17:13 - 2013-09-04 17:13 - 00000000 ____D C:\Program Files\ESET 2013-09-04 17:12 - 2006-11-02 12:33 - 01586268 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-04 17:11 - 2013-09-04 17:12 - 02347384 _____ (ESET) C:\Users\XXX\Desktop\esetsmartinstaller_enu.exe 2013-09-04 17:11 - 2013-09-04 17:11 - 02347384 _____ (ESET) C:\Users\XXX\Downloads\esetsmartinstaller_enu.exe 2013-09-04 16:52 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-04 16:52 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-04 14:00 - 2011-03-05 01:23 - 01307108 _____ C:\Windows\WindowsUpdate.log 2013-09-04 13:47 - 2011-03-05 01:53 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3662017351-1824195257-1989755620-1004Core.job 2013-09-04 13:44 - 2013-09-04 13:39 - 00000000 ____D C:\Users\XXX\Desktop\PUNX 2013-09-04 13:15 - 2011-03-05 12:35 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Macromedia 2013-09-04 12:55 - 2013-09-04 12:39 - 00002134 _____ C:\Users\XXX\Desktop\AdwCleaner[S0].txt 2013-09-04 12:53 - 2012-10-13 14:35 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Skype 2013-09-04 12:52 - 2007-10-10 13:56 - 00221674 _____ C:\Windows\PFRO.log 2013-09-04 12:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-04 12:51 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-04 12:46 - 2013-09-04 12:46 - 00035828 _____ C:\Users\XXX\Downloads\FRST.txt 2013-09-04 12:42 - 2013-09-04 12:41 - 00000000 ___SD C:\ComboFix 2013-09-04 12:42 - 2013-09-03 22:02 - 00000000 ____D C:\Qoobox 2013-09-04 12:41 - 2013-09-04 12:41 - 00000000 ___SD C:\32788R22FWJFW 2013-09-04 12:40 - 2013-09-04 12:40 - 00000634 _____ C:\Users\XXX\Desktop\JRT.txt 2013-09-04 12:36 - 2013-09-03 04:20 - 00000000 ____D C:\Users\XXX\Desktop\Screenshot 2013-09-04 12:25 - 2013-09-04 12:25 - 00000634 _____ C:\Users\ADMIN\Desktop\JRT.txt 2013-09-04 12:23 - 2013-09-04 12:23 - 00000000 ____D C:\Windows\ERUNT 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe 2013-09-04 12:21 - 2013-09-04 12:21 - 01028757 _____ (Thisisu) C:\Users\XXX\Desktop\JRT.exe 2013-09-04 12:14 - 2013-09-04 12:12 - 00000000 ____D C:\AdwCleaner 2013-09-04 12:07 - 2013-09-04 12:07 - 00614816 _____ C:\Users\XXX\Downloads\AdwCl3.001.exe 2013-09-04 12:05 - 2013-09-04 12:11 - 01037222 _____ C:\Users\XXX\Desktop\adwcleaner.exe 2013-09-04 12:05 - 2013-09-04 12:05 - 01037222 _____ C:\Users\XXX\Downloads\adwcleaner.exe 2013-09-04 12:02 - 2012-06-28 01:14 - 00007592 _____ C:\Users\XXX\AppData\Local\d3d9caps.dat 2013-09-04 11:49 - 2013-09-04 11:49 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-04 11:49 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-04 11:46 - 2013-09-04 11:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-04 11:45 - 2012-10-27 11:03 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 11:45 - 2012-10-27 11:03 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-03 22:25 - 2013-09-03 22:24 - 00011828 _____ C:\Users\XXX\Desktop\ComboFix.txt 2013-09-03 22:23 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-09-03 22:23 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-09-03 22:22 - 2013-09-03 22:02 - 00000000 ____D C:\Windows\erdnt 2013-09-03 22:20 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-09-03 22:01 - 2011-03-05 04:00 - 00000000 ____D C:\Users\XXX 2013-09-03 21:58 - 2013-09-03 22:01 - 05119472 ____R (Swearware) C:\Users\XXX\Desktop\ComboFix.exe 2013-09-03 21:58 - 2013-09-03 21:58 - 05119472 _____ (Swearware) C:\Users\XXX\Downloads\ComboFix.exe 2013-09-03 21:55 - 2013-03-04 20:49 - 00000000 ____D C:\Users\XXX\AppData\Local\Freenet 2013-09-03 15:14 - 2013-09-03 14:05 - 00036063 _____ C:\Users\XXX\Downloads\Addition.txt 2013-09-03 14:25 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-03 14:02 - 2013-09-03 14:02 - 01084685 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe 2013-09-03 14:02 - 2013-09-03 14:02 - 00000000 ____D C:\FRST 2013-09-03 06:32 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-09-03 06:05 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2013-09-03 06:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-03 05:37 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2013-09-03 05:21 - 2007-10-09 17:42 - 00000000 ____D C:\Program Files\Microsoft Works 2013-09-03 04:57 - 2013-05-20 01:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-03 04:57 - 2006-11-02 14:47 - 00372080 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-03 04:55 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-09-03 04:43 - 2013-09-03 04:41 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 04:33 - 2013-09-03 04:33 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2 2013-09-02 00:19 - 2013-09-02 00:19 - 00000649 _____ C:\Users\XXX\4. Schritt.txt 2013-09-01 04:06 - 2013-09-01 04:06 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw(1).exe 2013-09-01 04:03 - 2013-09-01 04:02 - 51769792 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\AdbeRdr1014_de_DE(1).exe 2013-09-01 03:59 - 2012-04-07 20:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-01 03:59 - 2011-05-23 09:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-01 03:58 - 2013-09-01 03:58 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\XXX\Downloads\install_flash_player(1).exe 2013-09-01 03:58 - 2013-09-01 03:58 - 00903080 _____ (Oracle Corporation) C:\Users\XXX\Downloads\jre-7u25-windows-i586-iftw.exe 2013-09-01 03:51 - 2013-09-01 03:51 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla Firefox 2013-08-05 16:00 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete: ==================== C:\Users\ADMIN\AppData\Local\Temp\Quarantine.exe C:\Users\ADMIN\AppData\Local\Temp\jrt\erunt\ERUNT.EXE C:\Users\XXX\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-04 12:59 ==================== End Of Log ============================ --- --- --- |
|
04.09.2013, 20:16
| #10 | |
| /// the machine /// TB-Ausbilder | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware?Zitat:
2) Nein, aber Passwörter ändern ist bei Befall immer Pflicht 3) Kommt im Anschluss Adobe Reader updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.09.2013, 23:31
| #11 |
| | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Hallo Schrauber, nochmals vielen Dank für Deinen Support und Dein außerordentlich übersichtliches Tutorial! Für Deine Mühe werde ich für trojaner-board.de einen Betrag Spenden Noch eine Frage: Da ich nun seit vielen Jahren viele schlechte Erfahrungen mit Windows gesammelt habe, möchte ich evtl zu LINUX / UBUNTU wechseln. Daher: Gibt es auch hier im Forum Ansprechpartner zum Thema Systemwechsel?? |
|
07.09.2013, 12:32
| #12 |
| /// the machine /// TB-Ausbilder | Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? Einfach im Linux Forum posten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Ständig Bildschirmkopien / Screenshots im Cache geladen - durch STRG + C eingefügt = Spysoftware? |
| acrobat, adobe, avira, browser, cache, computer, email, frage, free, internet, meldung, mozilla, nicht mehr, plugins, plötzlich, print, scan, scanner, screenshot, screenshots, spy spionage überwachung, strg, virenscan, virenscanner, vista, windows, windows vista |
Linear-Darstellung
