| |
| |||||||
Log-Analyse und Auswertung: MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
31.10.2013, 22:45
| #1 |
 |  MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Hallo, liebes Team! Ich bin gerade mal wieder am PC meiner Eltern und meine Mutter berichtete mir davon, dass das Internet unglaublich langsam wäre - das hab ich dann auch selber erfahren: Download von 9,8 MB dauert fast 15 Minuten (und das mit DSL6000). Auch der Seitenaufbau dauert extrem lange... Also hab ich MBAM laufen lassen: hat 11 Infektionen gefunden Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.31.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 baldham :: SONJAUNDBERND [Administrator] 31.10.2013 21:39:48 mbam-log-2013-10-31 (21-39-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 239244 Laufzeit: 12 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\baldham\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\baldham\AppData\Roaming\OpenCandy\564C16176E8F4932BB2BEA41486AAFF8 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 7 C:\Users\baldham\AppData\Local\Temp\SpeedTestSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\baldham\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe (Trojan.Repacked) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sonja und Bernd\AppData\Local\Temp\p6UCTWYt.exe.part (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sonja und Bernd\AppData\Local\Temp\qnS6zHDJ.exe.part (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sonja und Bernd\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\baldham\AppData\Roaming\OpenCandy\564C16176E8F4932BB2BEA41486AAFF8\Softonic_chr_p1v6.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:00 on 31/10/2013 (baldham)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read SafeBoot.sys
-=E.O.F=-
FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013 Ran by Sonja und Bernd (ATTENTION: The logged in user is not administrator) on SONJAUNDBERND on 31-10-2013 22:03:52 Running from C:\Users\Sonja und Bernd\Desktop Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [293168 2007-05-16] (ActivIdentity) HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-02] (Hewlett-Packard) HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe [3842048 2008-03-19] (Analog Devices, Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.) HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-19] (Ask) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2009-01-09] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Skype] - C:\Program Files\Skype\\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) MountPoints2: {5a9e03b8-0928-11e1-9b39-002186c5f047} - G:\AutoRun.exe MountPoints2: {5a9e03d2-0928-11e1-9b39-001e101f36d9} - G:\AutoRun.exe MountPoints2: {668fc2c7-0934-11e1-ac79-001e101f82a7} - H:\AutoRun.exe AppInit_DLLs: APSHook.dll [ 2008-05-21] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb SearchScopes: HKLM - DefaultScope {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKLM - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - DefaultScope {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - {08A3F3C5-19A6-4F09-A44C-2C4194A9974B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=c4147500-675c-474a-8ceb-68e6a663ba2a&apn_sauid=763B56E7-A845-4C47-B999-13B5F3A02736 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com) BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://go.gmx.net/tb/mff_startpage FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\searchplugins\zapmeta-deutschland.xml FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: toolbar - C:\Users\Sonja und Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\5129zyfp.default\Extensions\toolbar@gmx.net.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\baldham\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com FF Extension: Speed Test Analysis - C:\Users\baldham\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR RestoreOnStartup: "hxxp://www.google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0 CHR Extension: (YouTube) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\SONJAU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files\Softonic\Softonic\1.8.21.14\Softonic.crx CHR HKLM\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx CHR StartMenuInternet: Google Chrome - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.) R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.) S2 gupdate1ca1367f7ffad00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-02] (Google Inc.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [34184 2008-05-14] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-14] (SafeBoot International) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-02] (Hewlett-Packard) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2011-11-07] () R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) U0 laxbamja; C:\Windows\System32\drivers\fkba.sys [54016 2013-10-31] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12496 2008-05-14] (SafeBoot International) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [108752 2008-05-14] () R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51376 2008-05-14] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12928 2008-05-14] (SafeBoot International) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) U4 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:57 - 2013-10-31 21:57 - 00054016 _____ C:\windows\system32\Drivers\fkba.sys 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-10-31 21:18 - 2013-10-31 21:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-28 22:06 - 2013-10-28 22:17 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:12 - 2013-10-28 19:19 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 09:12 - 2013-10-30 07:03 - 02003806 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:40 - 2013-10-28 08:48 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Softonic 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Softonic 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:27 - 2013-10-28 07:42 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-27 17:01 - 2013-10-27 17:43 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-11 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-11 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-10-11 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-11 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-11 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-10-11 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-11 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-10-11 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-11 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-10-11 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-11 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-10-11 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-10 06:45 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-10 06:45 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll 2013-10-10 06:45 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2013-10-10 06:45 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2013-10-10 06:45 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2013-10-10 06:45 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-10-10 06:45 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2013-10-10 06:45 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 06:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-10 06:44 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-10-10 06:44 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-10 06:44 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-10-10 06:44 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-10-10 06:44 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-10 06:44 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-10 06:44 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-10 06:44 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-10-10 06:44 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-10-07 14:17 - 2013-10-08 19:07 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-07 14:17 - 2013-10-08 19:05 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp 2013-10-02 09:04 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 22:00 - 2012-01-02 18:01 - 00000000 ____D C:\Users\baldham 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:58 - 2008-12-23 20:52 - 00000000 ____D C:\Users\Sonja und Bernd 2013-10-31 21:57 - 2013-10-31 21:57 - 00054016 _____ C:\windows\system32\Drivers\fkba.sys 2013-10-31 21:57 - 2006-11-02 12:18 - 00000000 ____D C:\windows\schemas 2013-10-31 21:39 - 2012-11-09 15:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-10-31 21:38 - 2013-08-06 08:28 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\DoNotTrackPlus 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-10-31 21:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-31 21:27 - 2009-08-02 13:09 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-31 21:23 - 2008-12-23 19:39 - 01290440 _____ C:\windows\WindowsUpdate.log 2013-10-31 21:06 - 2009-08-02 13:09 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-31 21:05 - 2006-11-02 13:58 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-10-31 21:05 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-31 21:05 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-30 19:09 - 2008-12-24 12:08 - 00002637 _____ C:\Users\Sonja und Bernd\Desktop\Microsoft Office Word 2003.lnk 2013-10-30 07:03 - 2013-10-28 09:12 - 02003806 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-29 12:36 - 2009-08-02 12:52 - 00001052 _____ C:\windows\Tasks\Google Software Updater.job 2013-10-28 22:17 - 2013-10-28 22:06 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:28 - 2008-12-23 19:39 - 00000012 _____ C:\windows\bthservsdp.dat 2013-10-28 19:28 - 2006-11-02 13:58 - 00032588 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-10-28 19:23 - 2009-03-21 20:06 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Roaming\Skype 2013-10-28 19:22 - 2012-11-09 15:47 - 00000000 ___RD C:\Program Files\Skype 2013-10-28 19:22 - 2009-03-21 20:06 - 00000000 ____D C:\ProgramData\Skype 2013-10-28 19:19 - 2013-10-28 19:12 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 10:26 - 2013-02-09 16:56 - 00012256 _____ C:\windows\PFRO.log 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:48 - 2013-10-28 08:40 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Softonic 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Softonic 2013-10-28 07:45 - 2009-05-03 08:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:42 - 2013-10-28 07:27 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-28 07:26 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-10-27 17:43 - 2013-10-27 17:01 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-25 06:36 - 2008-12-23 21:43 - 00075776 _____ C:\Users\Sonja und Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-24 17:35 - 2009-09-03 16:47 - 00000052 _____ C:\windows\system32\DOErrors.log 2013-10-11 03:05 - 2006-11-02 12:18 - 00000000 ____D C:\windows\Microsoft.NET 2013-10-11 02:57 - 2006-11-02 13:44 - 00419592 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-11 02:56 - 2009-06-27 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-11 02:27 - 2013-08-05 14:50 - 00000000 ____D C:\windows\system32\MRT 2013-10-11 02:22 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe 2013-10-10 06:31 - 2012-03-31 09:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2013-10-10 06:31 - 2012-01-03 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-08 19:07 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-08 19:05 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp 2013-10-07 15:37 - 2012-10-30 09:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2013-10-02 18:29 - 2013-10-02 09:04 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox 2013-10-02 08:57 - 2011-01-30 11:27 - 00000680 _____ C:\Users\Sonja und Bernd\AppData\Local\d3d9caps.dat Some content of TEMP: ==================== C:\Users\baldham\AppData\Local\Temp\install_helper.exe C:\Users\baldham\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe C:\Users\baldham\AppData\Local\Temp\_isB1A7.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\1g37so5d.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\avgnt.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\FileSystemView.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\g6tv7-as.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Sonja und Bernd at 2013-10-31 22:04:45
Running from C:\Users\Sonja und Bernd\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 2.1.5)
ActivClient 6.1 x86 (Version: 6.01.00034)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Agere Systems HDA Modem
Ask Toolbar (Version: 1.15.10.0)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Avira Free Antivirus (Version: 14.0.0.383)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.4.1.29781)
BIOS Configuration for HP ProtectTools (Version: 4.00 A7)
Brother MFL-Pro Suite DCP-165C (Version: 1.1.8.0)
Brother MFL-Pro Suite DCP-195C (Version: 1.0.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248)
CCC Help Chinese Standard (Version: 2008.0508.2150.37248)
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248)
CCC Help Czech (Version: 2008.0508.2150.37248)
CCC Help Danish (Version: 2008.0508.2150.37248)
CCC Help Dutch (Version: 2008.0508.2150.37248)
CCC Help English (Version: 2008.0508.2150.37248)
CCC Help Finnish (Version: 2008.0508.2150.37248)
CCC Help French (Version: 2008.0508.2150.37248)
CCC Help German (Version: 2008.0508.2150.37248)
CCC Help Greek (Version: 2008.0508.2150.37248)
CCC Help Hungarian (Version: 2008.0508.2150.37248)
CCC Help Italian (Version: 2008.0508.2150.37248)
CCC Help Japanese (Version: 2008.0508.2150.37248)
CCC Help Korean (Version: 2008.0508.2150.37248)
CCC Help Norwegian (Version: 2008.0508.2150.37248)
CCC Help Polish (Version: 2008.0508.2150.37248)
CCC Help Portuguese (Version: 2008.0508.2150.37248)
CCC Help Russian (Version: 2008.0508.2150.37248)
CCC Help Spanish (Version: 2008.0508.2150.37248)
CCC Help Swedish (Version: 2008.0508.2150.37248)
CCC Help Thai (Version: 2008.0508.2150.37248)
CCC Help Turkish (Version: 2008.0508.2150.37248)
ccc-core-static (Version: 2008.0508.2151.37248)
ccc-utility (Version: 2008.0508.2151.37248)
CCleaner (Version: 4.04)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Credential Manager for HP ProtectTools (Version: 4.0.3.1208)
Drive Encryption for HP ProtectTools (Version: 4.0.2)
Dropbox (HKCU Version: 1.1.35)
ESt-Online (Version: 2003)
ESU for Microsoft Vista SP1 (Version: 1.00.2.1)
File Sanitizer For HP ProtectTools (Version: 1.0.0.18)
FileHippo.com Update Checker
GMX Softwareaktualisierung (Version: 2.0.1.8)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
Google Updater (Version: 2.4.2432.1652)
HP 3D DriveGuard (Version: 3.10 A7)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.4.0.2423)
HP Doc Viewer (Version: 1.03.0001)
HP Easy Setup - Frontend (Version: 5.4.0.2423)
HP Help and Support (Version: 2.0.9.0)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (Version: 6.0.1.6200)
HP JavaCard for HP ProtectTools (Version: 04.00.01.0025)
HP ProtectTools Security Manager (Version: 4.00 A1A)
HP ProtectTools Security Manager Suite (Version: 04.00.01.0026)
HP Quick Launch Buttons (Version: 6.50.14.1)
HP Software Setup 5.00.A.7 (Version: 5.00.A.7)
HP Update (Version: 5.002.007.004)
HP User Guides 0108 (Version: 1.01.0000)
HP Wallpaper (Version: 1.0.1.4)
HP Webcam (Version: 5.8.39004.0)
HP Webcam Application (Version: 1.0.020.0418)
HP Wireless Assistant (Version: 3.00 K1)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
Intel® Matrix Storage Manager
InterVideo DVD Check
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 13 (Version: 1.7.0.130)
Java SE Development Kit 7 Update 15 (Version: 1.7.0.150)
Java SE Development Kit 7 Update 17 (Version: 1.7.0.170)
Java SE Development Kit 7 Update 9 (Version: 1.7.0.90)
Juniper Networks Host Checker (HKCU Version: 6.4.0.14811)
Juniper Networks Setup Client (HKCU Version: 2.0.2.5745)
Juniper Networks Setup Client Activex Control (Version: 2.0.0.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 21.005.15.02.382)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
PaperPort Image Printer (Version: 1.00.0000)
QLBCASL (Version: 6.40.17.2)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Business (Version: 10.1)
Roxio Creator Business v10 (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.048)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001)
Skins (Version: 2008.0508.2151.37248)
Skype™ 6.9 (Version: 6.9.106)
Softonic toolbar on IE and Chrome (Version: 1.8.21.14)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SoundMAX (Version: 6.10.1.5820)
Speed Test Analysis (Version: 1.0.0.5)
Sweet Home 3D version 4.1
Synaptics Pointing Device Driver (Version: 15.0.24.0)
t@x 2013 (Version: 20.00.8137)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Vista Default Settings (Version: 1.0.6.1)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\Google Software Updater.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2008-01-16 17:51 - 2008-01-16 17:51 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2008-05-08 10:14 - 2008-05-08 10:14 - 00159744 _____ () C:\windows\system32\atitmmxx.dll
2013-08-02 07:40 - 2009-01-09 16:10 - 00139264 _____ () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-10-02 09:04 - 2013-10-02 09:04 - 03279768 _____ () C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\mozjs.dll
2013-10-10 06:31 - 2013-10-10 06:31 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/31/2013 09:13:11 PM) (Source: LoadPerf) (User: )
Description: >16
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (10/31/2013 09:09:19 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (10/31/2013 09:25:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
Error: (10/31/2013 09:06:55 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (10/31/2013 09:05:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 31.10.2013 um 15:20:17 unerwartet heruntergefahren.
Error: (10/31/2013 03:07:42 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: Mobile Partner. OUC%%1053
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: 30000Mobile Partner. OUC
Error: (10/31/2013 03:05:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (10/31/2013 03:03:57 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 31.10.2013 um 08:31:06 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (10/31/2013 09:13:11 PM) (Source: LoadPerf)(User: )
Description: >16
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0
Error: (10/31/2013 09:09:40 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\0
Error: (10/31/2013 09:09:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8
Error: (10/31/2013 09:09:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\F8
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\C9
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB
Error: (10/31/2013 09:09:26 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AB
Error: (10/31/2013 09:09:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SONJA UND BERND\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5129ZYFP.DEFAULT\CACHE\9\AA
CodeIntegrity Errors:
===================================
Date: 2012-12-29 18:50:24.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-23 08:25:09.550
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\verifier.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:36.003
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:35.551
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:35.036
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:34.599
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:34.131
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:33.679
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:33.180
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-29 22:16:32.743
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 2042.47 MB
Available physical RAM: 849.23 MB
Total Pagefile: 4326.18 MB
Available Pagefile: 2791.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:288.09 GB) (Free:200.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.99 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Und zum Schluss noch GMER - das lief allerdings erst beim zweiten Mal problemlos durch: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-31 22:35:41
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.8909 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\baldham\AppData\Local\Temp\pfdyiaob.sys
---- System - GMER 2.1 ----
SSDT 8F76658E ZwCreateSection
SSDT 8F766598 ZwRequestWaitReplyPort
SSDT 8F766593 ZwSetContextThread
SSDT 8F76659D ZwSetSecurityObject
SSDT 8F7665A2 ZwSystemDebugControl
SSDT 8F76652F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82AAE860 4 Bytes [8E, 65, 76, 8F]
.text ntkrnlpa.exe!KeSetEvent + 539 82AAEB84 4 Bytes [98, 65, 76, 8F] {CWDE ; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 56D 82AAEBB8 4 Bytes [93, 65, 76, 8F] {XCHG EBX, EAX; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 5D1 82AAEC1C 4 Bytes [9D, 65, 76, 8F] {POPF ; JBE 0xffffff93}
.text ntkrnlpa.exe!KeSetEvent + 619 82AAEC64 4 Bytes [A2, 65, 76, 8F]
.text ...
? C:\windows\System32\Drivers\SafeBoot.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC0B000, 0x1FB95A, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c5f047
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c5f047 (not active ControlSet)
---- EOF - GMER 2.1 ----
Es wäre super, wenn da mal jemand drüber schauen könnte und Vorschläge hat. Katja |
|
31.10.2013, 23:30
| #2 |
| /// the machine /// TB-Ausbilder    | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Hi,
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Und ein frisches frst log bitte.
__________________ |
|
01.11.2013, 08:06
| #3 |
| | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Hallo schrauber - mal wieder vielen Dank für Deine Hilfe!
__________________Hier die gewünschten Logs: ADW-Cleaner Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 01/11/2013 um 07:39:21
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzername : baldham - SONJAUNDBERND
# Gestartet von : C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
Ordner Gefunden : C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gefunden C:\Program Files\Ask.com
Ordner Gefunden C:\Program Files\Softonic
Ordner Gefunden C:\Users\baldham\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\baldham\AppData\Roaming\Softonic
Ordner Gefunden C:\Users\Sonja und Bernd\AppData\Local\AskToolbar
Ordner Gefunden C:\Users\Sonja und Bernd\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gefunden : HKLM\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Uniblue\DriverScanner
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16514
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=336d773f000000000000002264677298
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=336d773f000000000000002264677298
-\\ Google Chrome v
[ Datei : C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : homepage
Gefunden : search_url
Gefunden : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [15464 octets] - [01/11/2013 07:39:21]
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [15525 octets] ##########
Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 01/11/2013 um 07:40:27
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzername : baldham - SONJAUNDBERND
# Gestartet von : C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Softonic
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Sonja und Bernd\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Sonja und Bernd\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\baldham\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\baldham\AppData\Roaming\Softonic
Ordner Gelöscht : C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D004E80-AB53-41E6-94E6-8B0709E8AEB7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D004E80-AB53-41E6-94E6-8B0709E8AEB7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16514
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v
[ Datei : C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [15604 octets] - [01/11/2013 07:39:21]
AdwCleaner[S0].txt - [15252 octets] - [01/11/2013 07:40:27]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [15313 octets] ##########
Dann hab ich JRT laufen lassen, es wurde wohl 1 "bad module" gefunden und es wurde ein Neustart verlangt - das hab ich gemacht. Allerdings hat sich weder eine jrt.txt geöffnet, noch finde ich eine über die Suchfunktion - soll ich nochmal laufen lassen? Und zum Schluss nochmal ein frisches FRST-logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013 Ran by baldham (administrator) on SONJAUNDBERND on 01-11-2013 07:59:53 Running from C:\Users\Sonja und Bernd\Desktop Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (SafeBoot International) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\windows\system32\Hpservice.exe (ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\accoca.exe (Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE (Agere Systems) C:\Windows\system32\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE (Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Microsoft Corporation) C:\windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [293168 2007-05-16] (ActivIdentity) HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-02] (Hewlett-Packard) HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe [3842048 2008-03-19] (Analog Devices, Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.) HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2009-01-09] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKCU\...\Run: [FileHippo.com] - C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [15392 2013-11-01] () HKCU\...\RunOnce: [JRTcleanup] - C:\Users\baldham\AppData\Local\Temp\jrt\JRT.bat [10261 2013-10-16] () MountPoints2: {52dafae9-d120-11dd-9914-806e6f6e6963} - E:\start.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter AppInit_DLLs: APSHook.dll [ 2008-05-21] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - {4C760211-4F60-4486-8B76-15B912F3C867} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=c4147500-675c-474a-8ceb-68e6a663ba2a&apn_sauid=763B56E7-A845-4C47-B999-13B5F3A02736 SearchScopes: HKCU - {F4DB6C26-7BA0-489B-87ED-952F4C5B117A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=336d773f000000000000002264677298&r=644 BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com) BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (YouTube) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: () - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5 CHR Extension: (Gmail) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx CHR StartMenuInternet: Google Chrome - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.) R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.) S2 gupdate1ca1367f7ffad00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-02] (Google Inc.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [34184 2008-05-14] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-14] (SafeBoot International) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-02] (Hewlett-Packard) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2011-11-07] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12496 2008-05-14] (SafeBoot International) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [108752 2008-05-14] () R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51376 2008-05-14] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12928 2008-05-14] (SafeBoot International) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) U4 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-01 07:51 - 2013-11-01 07:51 - 00000000 ____D C:\windows\ERUNT 2013-11-01 07:48 - 2013-11-01 07:48 - 01033335 _____ (Thisisu) C:\Users\Sonja und Bernd\Desktop\JRT.exe 2013-11-01 07:39 - 2013-11-01 07:40 - 00000000 ____D C:\AdwCleaner 2013-11-01 07:37 - 2013-11-01 07:38 - 01060070 _____ C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe 2013-10-31 22:35 - 2013-10-31 22:35 - 00003059 _____ C:\Users\Sonja und Bernd\gmer.log 2013-10-31 22:05 - 2013-10-31 22:06 - 00377856 _____ C:\Users\Sonja und Bernd\Downloads\gmer_2.1.19163.exe 2013-10-31 22:04 - 2013-10-31 22:05 - 00023801 _____ C:\Users\Sonja und Bernd\Desktop\Addition.txt 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-10-31 21:18 - 2013-10-31 21:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-28 22:06 - 2013-10-28 22:17 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:12 - 2013-10-28 19:19 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 09:12 - 2013-10-31 23:05 - 02003696 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:40 - 2013-10-28 08:48 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:27 - 2013-10-28 07:42 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-27 17:01 - 2013-10-27 17:43 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-11 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-11 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-10-11 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-11 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-11 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-10-11 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-11 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-10-11 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-11 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-10-11 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-11 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-10-11 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-10 06:45 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-10 06:45 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll 2013-10-10 06:45 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2013-10-10 06:45 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2013-10-10 06:45 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2013-10-10 06:45 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-10-10 06:45 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2013-10-10 06:45 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 06:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-10 06:44 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-10-10 06:44 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-10 06:44 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-10-10 06:44 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-10-10 06:44 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-10 06:44 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-10 06:44 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-10 06:44 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-10-10 06:44 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-10-07 14:17 - 2013-10-08 19:07 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-07 14:17 - 2013-10-08 19:05 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp 2013-10-02 09:04 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-11-01 07:55 - 2009-08-02 13:09 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-01 07:54 - 2006-11-02 13:58 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-01 07:54 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-01 07:54 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-01 07:53 - 2006-11-02 13:58 - 00032536 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-11-01 07:52 - 2008-12-23 19:39 - 01327152 _____ C:\windows\WindowsUpdate.log 2013-11-01 07:52 - 2008-12-23 19:39 - 00000012 _____ C:\windows\bthservsdp.dat 2013-11-01 07:51 - 2013-11-01 07:51 - 00000000 ____D C:\windows\ERUNT 2013-11-01 07:48 - 2013-11-01 07:48 - 01033335 _____ (Thisisu) C:\Users\Sonja und Bernd\Desktop\JRT.exe 2013-11-01 07:40 - 2013-11-01 07:39 - 00000000 ____D C:\AdwCleaner 2013-11-01 07:39 - 2012-11-09 15:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-01 07:38 - 2013-11-01 07:37 - 01060070 _____ C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe 2013-11-01 07:28 - 2009-08-02 13:09 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-01 07:25 - 2013-02-09 16:56 - 00014998 _____ C:\windows\PFRO.log 2013-10-31 23:05 - 2013-10-28 09:12 - 02003696 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-31 22:35 - 2013-10-31 22:35 - 00003059 _____ C:\Users\Sonja und Bernd\gmer.log 2013-10-31 22:35 - 2008-12-23 20:52 - 00000000 ____D C:\Users\Sonja und Bernd 2013-10-31 22:06 - 2013-10-31 22:05 - 00377856 _____ C:\Users\Sonja und Bernd\Downloads\gmer_2.1.19163.exe 2013-10-31 22:05 - 2013-10-31 22:04 - 00023801 _____ C:\Users\Sonja und Bernd\Desktop\Addition.txt 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 22:00 - 2012-01-02 18:01 - 00000000 ____D C:\Users\baldham 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:57 - 2006-11-02 12:18 - 00000000 ____D C:\windows\schemas 2013-10-31 21:38 - 2013-08-06 08:28 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\DoNotTrackPlus 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-10-31 21:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-30 19:09 - 2008-12-24 12:08 - 00002637 _____ C:\Users\Sonja und Bernd\Desktop\Microsoft Office Word 2003.lnk 2013-10-29 12:36 - 2009-08-02 12:52 - 00001052 _____ C:\windows\Tasks\Google Software Updater.job 2013-10-28 22:17 - 2013-10-28 22:06 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:23 - 2009-03-21 20:06 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Roaming\Skype 2013-10-28 19:22 - 2012-11-09 15:47 - 00000000 ___RD C:\Program Files\Skype 2013-10-28 19:22 - 2009-03-21 20:06 - 00000000 ____D C:\ProgramData\Skype 2013-10-28 19:19 - 2013-10-28 19:12 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:48 - 2013-10-28 08:40 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:45 - 2009-05-03 08:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:42 - 2013-10-28 07:27 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-28 07:26 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-10-27 17:43 - 2013-10-27 17:01 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-25 06:36 - 2008-12-23 21:43 - 00075776 _____ C:\Users\Sonja und Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-24 17:35 - 2009-09-03 16:47 - 00000052 _____ C:\windows\system32\DOErrors.log 2013-10-11 03:05 - 2006-11-02 12:18 - 00000000 ____D C:\windows\Microsoft.NET 2013-10-11 02:57 - 2006-11-02 13:44 - 00419592 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-11 02:56 - 2009-06-27 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-11 02:27 - 2013-08-05 14:50 - 00000000 ____D C:\windows\system32\MRT 2013-10-11 02:22 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe 2013-10-10 06:31 - 2012-03-31 09:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2013-10-10 06:31 - 2012-01-03 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-08 19:07 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-08 19:05 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp 2013-10-07 15:37 - 2012-10-30 09:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2013-10-02 18:29 - 2013-10-02 09:04 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox 2013-10-02 08:57 - 2011-01-30 11:27 - 00000680 _____ C:\Users\Sonja und Bernd\AppData\Local\d3d9caps.dat Some content of TEMP: ==================== C:\Users\baldham\AppData\Local\Temp\install_helper.exe C:\Users\baldham\AppData\Local\Temp\Quarantine.exe C:\Users\baldham\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe C:\Users\baldham\AppData\Local\Temp\_isB1A7.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\1g37so5d.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\avgnt.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\FileSystemView.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\g6tv7-as.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-01 08:00 ==================== End Of Log ============================ |
|
01.11.2013, 18:47
| #4 |
| /// the machine /// TB-Ausbilder | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.11.2013, 13:37
| #5 |
| | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) So, ich hab das mit dem ESET OnlineScanner jetzt zweimal versucht: einmal im normalen Modus als Administrator und einmal im abgesicherten Modus mit Netzwerkeinstellungen - beide Male hängt sich der PC nach einer gewissen Zeit auf und dann geht nichts mehr. Ich musste dann den PC zum Ausschalten "zwingen"... SecurityCheck und FRST liefen aber: SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows Vista Service Pack 2 x86 Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.6001) Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner HP JavaCard for HP ProtectTools Java 7 Update 25 Java SE Development Kit 7 Update 9 Java SE Development Kit 7 Update 13 Java SE Development Kit 7 Update 15 Java SE Development Kit 7 Update 17 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Windows Defender MSASCui.exe Mobile Partner OnlineUpdate ouc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013 Ran by baldham (administrator) on SONJAUNDBERND on 02-11-2013 13:31:35 Running from C:\Users\Sonja und Bernd\Desktop Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (SafeBoot International) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\windows\system32\Hpservice.exe (ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\accoca.exe (Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE (Agere Systems) C:\Windows\system32\agrsmsvc.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\windows\system32\conime.exe (Mozilla Corporation) C:\Users\Sonja und Bernd\AppData\Local\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [293168 2007-05-16] (ActivIdentity) HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-02] (Hewlett-Packard) HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe [3842048 2008-03-19] (Analog Devices, Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.) HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe [114688 2009-01-09] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKCU\...\Run: [FileHippo.com] - C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [15392 2013-11-01] () HKCU\...\RunOnce: [JRTcleanup] - C:\Users\baldham\AppData\Local\Temp\jrt\JRT.bat [10261 2013-10-16] () MountPoints2: {52dafae9-d120-11dd-9914-806e6f6e6963} - E:\start.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] AppInit_DLLs: APSHook.dll [ 2008-05-21] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {7BEB5BB0-9006-4C60-AFE6-513BF461728E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - {4C760211-4F60-4486-8B76-15B912F3C867} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=c4147500-675c-474a-8ceb-68e6a663ba2a&apn_sauid=763B56E7-A845-4C47-B999-13B5F3A02736 SearchScopes: HKCU - {F4DB6C26-7BA0-489B-87ED-952F4C5B117A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=336d773f000000000000002264677298&r=644 BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com) BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (YouTube) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: () - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5 CHR Extension: (Gmail) - C:\Users\baldham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx CHR StartMenuInternet: Google Chrome - C:\Users\Sonja und Bernd\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.) R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.) S2 gupdate1ca1367f7ffad00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-02] (Google Inc.) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [34184 2008-05-14] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-14] (SafeBoot International) R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-02] (Hewlett-Packard) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2011-11-07] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12496 2008-05-14] (SafeBoot International) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [108752 2008-05-14] () R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51376 2008-05-14] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12928 2008-05-14] (SafeBoot International) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) U4 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-02 13:31 - 2013-11-02 13:31 - 00001195 _____ C:\Users\Sonja und Bernd\checkup.txt 2013-11-02 13:24 - 2013-11-02 13:24 - 00891167 _____ C:\Users\Sonja und Bernd\Desktop\SecurityCheck.exe 2013-11-02 07:33 - 2013-11-02 07:33 - 02347384 _____ (ESET) C:\Users\Sonja und Bernd\Downloads\esetsmartinstaller_enu.exe 2013-11-01 07:51 - 2013-11-01 07:51 - 00000000 ____D C:\windows\ERUNT 2013-11-01 07:48 - 2013-11-01 07:48 - 01033335 _____ (Thisisu) C:\Users\Sonja und Bernd\Desktop\JRT.exe 2013-11-01 07:39 - 2013-11-01 07:40 - 00000000 ____D C:\AdwCleaner 2013-11-01 07:37 - 2013-11-01 07:38 - 01060070 _____ C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe 2013-10-31 22:35 - 2013-10-31 22:35 - 00003059 _____ C:\Users\Sonja und Bernd\gmer.log 2013-10-31 22:05 - 2013-10-31 22:06 - 00377856 _____ C:\Users\Sonja und Bernd\Downloads\gmer_2.1.19163.exe 2013-10-31 22:04 - 2013-10-31 22:05 - 00023801 _____ C:\Users\Sonja und Bernd\Desktop\Addition.txt 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-10-31 21:18 - 2013-10-31 21:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-28 22:06 - 2013-10-28 22:17 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:12 - 2013-10-28 19:19 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 09:12 - 2013-10-31 23:05 - 02003696 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:40 - 2013-10-28 08:48 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:27 - 2013-10-28 07:42 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-27 17:01 - 2013-10-27 17:43 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-11 02:15 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-11 02:15 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-11 02:15 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-10-11 02:15 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-11 02:15 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-11 02:15 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-10-11 02:15 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-11 02:15 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-10-11 02:15 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-11 02:15 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-10-11 02:15 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-11 02:15 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-11 02:15 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-10-11 02:15 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-10 06:45 - 2013-08-29 08:36 - 02050048 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-10 06:45 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll 2013-10-10 06:45 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll 2013-10-10 06:45 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2013-10-10 06:45 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2013-10-10 06:45 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-10-10 06:45 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2013-10-10 06:45 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-10-10 06:45 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2013-10-10 06:45 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 06:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-10 06:44 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-10-10 06:44 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-10 06:44 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-10-10 06:44 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-10-10 06:44 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-10-10 06:44 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-10 06:44 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-10 06:44 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-10 06:44 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-10-10 06:44 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-10-07 14:17 - 2013-10-08 19:07 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-07 14:17 - 2013-10-08 19:05 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp ==================== One Month Modified Files and Folders ======= 2013-11-02 13:31 - 2013-11-02 13:31 - 00001195 _____ C:\Users\Sonja und Bernd\checkup.txt 2013-11-02 13:31 - 2008-12-23 20:52 - 00000000 ____D C:\Users\Sonja und Bernd 2013-11-02 13:27 - 2009-08-02 13:09 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-02 13:24 - 2013-11-02 13:24 - 00891167 _____ C:\Users\Sonja und Bernd\Desktop\SecurityCheck.exe 2013-11-02 13:18 - 2008-12-23 19:39 - 01358572 _____ C:\windows\WindowsUpdate.log 2013-11-02 13:14 - 2009-08-02 13:09 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-02 13:13 - 2006-11-02 13:58 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-02 13:13 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-02 13:13 - 2006-11-02 13:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-02 11:17 - 2012-11-09 15:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-02 07:33 - 2013-11-02 07:33 - 02347384 _____ (ESET) C:\Users\Sonja und Bernd\Downloads\esetsmartinstaller_enu.exe 2013-11-01 12:38 - 2008-12-23 19:39 - 00000012 _____ C:\windows\bthservsdp.dat 2013-11-01 12:38 - 2006-11-02 13:58 - 00032536 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-11-01 07:51 - 2013-11-01 07:51 - 00000000 ____D C:\windows\ERUNT 2013-11-01 07:48 - 2013-11-01 07:48 - 01033335 _____ (Thisisu) C:\Users\Sonja und Bernd\Desktop\JRT.exe 2013-11-01 07:40 - 2013-11-01 07:39 - 00000000 ____D C:\AdwCleaner 2013-11-01 07:38 - 2013-11-01 07:37 - 01060070 _____ C:\Users\Sonja und Bernd\Desktop\adwcleaner.exe 2013-11-01 07:25 - 2013-02-09 16:56 - 00014998 _____ C:\windows\PFRO.log 2013-11-01 07:24 - 2006-11-02 12:18 - 00000000 ____D C:\windows\schemas 2013-10-31 23:05 - 2013-10-28 09:12 - 02003696 _____ C:\Users\Sonja und Bernd\Documents\wozi.sh3d 2013-10-31 22:35 - 2013-10-31 22:35 - 00003059 _____ C:\Users\Sonja und Bernd\gmer.log 2013-10-31 22:06 - 2013-10-31 22:05 - 00377856 _____ C:\Users\Sonja und Bernd\Downloads\gmer_2.1.19163.exe 2013-10-31 22:05 - 2013-10-31 22:04 - 00023801 _____ C:\Users\Sonja und Bernd\Desktop\Addition.txt 2013-10-31 22:03 - 2013-10-31 22:03 - 00000000 ____D C:\FRST 2013-10-31 22:02 - 2013-10-31 22:02 - 01089445 _____ (Farbar) C:\Users\Sonja und Bernd\Desktop\FRST.exe 2013-10-31 22:00 - 2013-10-31 22:00 - 00000534 _____ C:\Users\Sonja und Bernd\Desktop\defogger_disable.log 2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 _____ C:\Users\baldham\defogger_reenable 2013-10-31 22:00 - 2012-01-02 18:01 - 00000000 ____D C:\Users\baldham 2013-10-31 21:58 - 2013-10-31 21:58 - 00050477 _____ C:\Users\Sonja und Bernd\Desktop\Defogger.exe 2013-10-31 21:38 - 2013-08-06 08:28 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Local\DoNotTrackPlus 2013-10-31 21:29 - 2013-10-31 21:29 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-31 21:29 - 2013-10-31 21:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-31 21:29 - 2013-10-31 21:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sonja und Bernd\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-30 19:09 - 2008-12-24 12:08 - 00002637 _____ C:\Users\Sonja und Bernd\Desktop\Microsoft Office Word 2003.lnk 2013-10-29 12:36 - 2009-08-02 12:52 - 00001052 _____ C:\windows\Tasks\Google Software Updater.job 2013-10-28 22:17 - 2013-10-28 22:06 - 01756320 _____ C:\Users\Sonja und Bernd\Documents\wozi b.sh3d 2013-10-28 19:23 - 2009-03-21 20:06 - 00000000 ____D C:\Users\Sonja und Bernd\AppData\Roaming\Skype 2013-10-28 19:22 - 2012-11-09 15:47 - 00000000 ___RD C:\Program Files\Skype 2013-10-28 19:22 - 2009-03-21 20:06 - 00000000 ____D C:\ProgramData\Skype 2013-10-28 19:19 - 2013-10-28 19:12 - 00329851 _____ C:\Users\Sonja und Bernd\Documents\Küche.sh3d 2013-10-28 08:48 - 2013-10-28 08:48 - 00005774 _____ C:\Users\baldham\Documents\wohnzi.sh3d 2013-10-28 08:48 - 2013-10-28 08:40 - 00644331 _____ C:\Users\baldham\Documents\wohnzimmer.sh3d 2013-10-28 07:54 - 2013-10-28 07:54 - 00000000 ____D C:\Users\baldham\eTeks 2013-10-28 07:45 - 2013-10-28 07:45 - 00001224 _____ C:\Users\baldham\Desktop\SpeedTestAnalysis.lnk 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\SpeedTestAnalysis 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Users\baldham\AppData\Roaming\Mozilla 2013-10-28 07:45 - 2013-10-28 07:45 - 00000000 ____D C:\Program Files\Speed Test Analysis 2013-10-28 07:45 - 2009-05-03 08:45 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-28 07:43 - 2013-10-28 07:43 - 00000926 _____ C:\Users\baldham\Desktop\Sweet Home 3D.lnk 2013-10-28 07:43 - 2013-10-28 07:43 - 00000000 ____D C:\Program Files\Sweet Home 3D 2013-10-28 07:42 - 2013-10-28 07:27 - 33703888 _____ (eTeks ) C:\Users\baldham\Desktop\SweetHome3D-4.1-windows-oc.exe 2013-10-28 07:26 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-10-27 17:43 - 2013-10-27 17:01 - 79510936 _____ (Trimble Navigation Limited) C:\Users\Sonja und Bernd\Downloads\SketchUp_13.0.4812.exe 2013-10-25 06:36 - 2008-12-23 21:43 - 00075776 _____ C:\Users\Sonja und Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-24 17:35 - 2009-09-03 16:47 - 00000052 _____ C:\windows\system32\DOErrors.log 2013-10-11 03:05 - 2006-11-02 12:18 - 00000000 ____D C:\windows\Microsoft.NET 2013-10-11 02:57 - 2006-11-02 13:44 - 00419592 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-11 02:56 - 2009-06-27 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-11 02:27 - 2013-08-05 14:50 - 00000000 ____D C:\windows\system32\MRT 2013-10-11 02:22 - 2006-11-02 11:24 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe 2013-10-10 06:31 - 2012-03-31 09:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2013-10-10 06:31 - 2012-01-03 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-08 19:07 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL3501.tmp 2013-10-08 19:05 - 2013-10-07 14:17 - 00030208 ____H C:\Users\Sonja und Bernd\Documents\~WRL2365.tmp 2013-10-07 15:37 - 2012-10-30 09:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2013-10-07 15:37 - 2012-10-30 09:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys Some content of TEMP: ==================== C:\Users\baldham\AppData\Local\Temp\install_helper.exe C:\Users\baldham\AppData\Local\Temp\Quarantine.exe C:\Users\baldham\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe C:\Users\baldham\AppData\Local\Temp\_isB1A7.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\1g37so5d.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\avgnt.exe C:\Users\Sonja und Bernd\AppData\Local\Temp\FileSystemView.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\g6tv7-as.dll C:\Users\Sonja und Bernd\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-02 13:20 ==================== End Of Log ============================ Das Problem, dass der Laptop sich aufhängt und nichts mehr geht, wenn er eine Zeit lang ohne aktives "Rumklicken" im Internet ist, besteht schon länger - hast Du dazu noch irgendwelche Ideen?? Allgemein gibts noch das Problem, dass der Laptop für mein Empfinden ewig braucht, bis er komplett hochgefahren ist und nutzbar ist. Ist das ein Vista-spezifisches Ding oder kann man da doch irgendwie was ändern? |
|
02.11.2013, 19:13
| #6 |
| /// the machine /// TB-Ausbilder | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) How to perform a clean boot in Windows 8.1, Windows 8, Windows 7, or Windows Vista Mach mal Clean Boot. Immer noch so langsam?
__________________ --> MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) |
|
02.11.2013, 21:54
| #7 |
| | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Clean Boot hab ich ausgeführt - auch wenn ich so rein optisch keinen Unterschied zum normalen Neustart festgestellt hab. Aber das Starten dauert genauso lang... edit: Ich hab jetzt grade nochmal gestartet - ging bedeutend schneller. War das dann jetzt auch noch ein CleanBoot oder wieder ein normaler Start? Und was heißt das jetzt - das tausend Dinge gleichzeitig mitstarten, von denen ich eigentlich gar nix mitkriege? |
|
03.11.2013, 08:11
| #8 |
| /// the machine /// TB-Ausbilder | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Solange Du die Haken nicht setzt ist das immer Clean Boot. Schau mal ob sie noch deaktiviert sind. Wenn ja, einen wieder aktivieren, reboot, testen. Wieder einen aktivieren. Solange bis DU weißt welcher Dienst die Bremse ist, dann können wir daran was machen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.11.2013, 09:36
| #9 |
| | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) So, ich hab jetzt ein bißchen getestet - Adobe Reader Updater verlängert das Starten um ca. 20 Sekunden, bei den anderen Diensten hab ich keine wirklich große Veränderung festgestellt. Was mir aber auffällt, ist, dass das Starten das Admin-Kontos um einiges schneller abläuft als das "normale" Benutzerkonto - kann das evtl. auch nur an den vielen (wahrscheinlich großteils unnützen)n Daten liegen, die da so gesammelt werden? Und welche Idee hättest Du noch für das "Aufhängen" von Firefox? |
|
03.11.2013, 16:47
| #10 |
| /// the machine /// TB-Ausbilder | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Ich würd Firefox und Flash Player mal neu installieren. Dann Adobe neu installieren. Datenmüll ist eine Möglichkeit.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.11.2013, 19:35
| #11 |
| | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) Okay, das werde ich in nächster Zeit mal machen... Waren die angehängten Logfiles denn jetzt sonst sauber - oder gibts von der Seite noch Probleme? |
|
05.11.2013, 12:52
| #12 |
| /// the machine /// TB-Ausbilder | MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) sauber
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu MBAM findet 11 Infektionen - u.a. Trojaner.Repacked (Windows Vista) |
| adobe, adware.installbrain, antivirus, avg, avira searchfree toolbar, branding, device driver, farbar, farbar recovery scan tool, flash player, homepage, internet, launch, mozilla, newtab, plug-in, pup.optional.opencandy, pup.optional.softonic.a, pup.optional.speedanalysis, pup.optional.speedanalysis3.a, rundll, secunia psi, security, services.exe, sketchup, software, super, svchost.exe, trojan.repacked, vista, windows |
Linear-Darstellung
