
Log analysis and evaluation: Still signs after qvo6 and SpyHunter infection?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.07.2013, 10:09   #1
chalmit
 
Hi folks,

I recently got infected with the great hijacker qvo6. Out of youthful recklessness, I of course trusted the great SpyHunter program, which found quite a bit of malware after a thorough inspection of my system. Only when I was asked to register did I start to have doubts; a closer look at the program exposed it as crafty malware itself.
Accordingly, I uninstalled the program and ran scans with Malwarebytes, Adwcleaner06 and Spybot2.1 to kill the stubborn malware and adware.

Apparently with success; at least my browser works without problems and the strange process is gone. However, I am plagued by some doubts about whether everything is really virus-free now, and since the PC is also used for private purposes such as online banking etc., I wanted to get clarity with your help.

I have read through the instructions and scanned everything step by step.

OTL scan (username replaced with .....)
Code:
OTL logfile created on: 22.07.2013 09:12:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,98% Memory free
7,82 Gb Paging File | 6,16 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 252,62 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 0,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS
 
Computer Name: .....-NOTEBOOK | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.22 09:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Downloads\OTL.exe
PRC - [2013.06.27 12:49:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 12:47:34 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.27 12:47:33 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.19 16:59:58 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.06.19 16:59:42 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013.02.26 10:01:22 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.17 05:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.01.07 13:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 07:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.19 17:00:31 | 000,063,376 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.02.04 08:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.13 14:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.11.12 11:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.05 21:10:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.27 12:49:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 12:47:34 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.19 16:59:42 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.06.15 01:03:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2013.01.08 18:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.03 20:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.01.07 13:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.12.03 13:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2010.12.03 04:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 05:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.25 09:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.11.24 09:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.04.12 10:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.06.19 16:42:19 | 000,052,080 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva)
DRV:64bit: - [2013.06.19 16:40:12 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2013.04.28 21:42:02 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.28 21:42:02 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.28 21:42:02 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.13 17:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.12 17:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.06 14:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.23 17:10:13 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.03.25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.24 16:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.24 12:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.02.04 08:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.04 07:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.03 20:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.01.13 14:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 14:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.12.14 19:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.12.07 13:06:42 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 11:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.06.21 05:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.06.21 05:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.06.21 05:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.06.21 05:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 18:33:35 | 000,022,328 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.06.27 17:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV - [2010.12.03 13:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{86C70F2C-80BC-425A-B37A-326DAF72A501}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{F2140CFD-E856-402B-8A59-7EA582C45A4A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{82CB8F10-536D-4340-ADF0-D965E260D8C6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;localhos
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.27 01:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.05 21:10:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.05 21:10:48 | 000,000,000 | ---D | M]
 
[2011.12.22 21:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions
[2013.07.21 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\dbjd522f.default\extensions
[2013.07.21 08:35:00 | 000,050,777 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.05.10 11:08:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.05 21:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.05 21:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.05 21:10:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E8B4238-A2E7-432F-84F6-9BB46CA6A7E2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.21 22:42:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.22 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.22 00:05:01 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.07.22 00:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.07.21 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Conexant
[2013.07.21 23:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2013.07.21 23:22:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.21 22:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.21 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Cisco
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.07.21 18:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.07.21 18:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013.07.21 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.21 18:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.07.21 16:01:02 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Roaming\Malwarebytes
[2013.07.21 16:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.21 16:00:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.21 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.21 16:00:45 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Programs
[2013.07.05 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.22 09:09:46 | 000,000,000 | ---- | M] () -- C:\Users\.....\defogger_reenable
[2013.07.22 09:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.22 09:00:12 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.22 07:44:26 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 07:44:26 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 07:44:23 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.22 07:44:23 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.22 07:44:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.22 07:44:23 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.22 07:44:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.22 07:36:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.22 07:36:20 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.22 00:05:04 | 000,001,390 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.21 22:42:47 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.21 16:00:55 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.18 23:00:44 | 000,343,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.06 15:30:00 | 000,000,854 | ---- | M] () -- C:\Users\.....\.recently-used.xbel
[2013.07.06 15:13:21 | 002,533,109 | ---- | M] () -- C:\Users\.....\Desktop\CCI14022013_00000.jpg
[2013.07.04 12:38:19 | 000,001,829 | ---- | M] () -- C:\Users\.....\Desktop\Spotify.lnk
[2013.07.04 12:31:16 | 000,000,355 | ---- | M] () -- C:\Users\.....\Documents\Computer - Verknüpfung.lnk
[2013.07.01 16:05:52 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.07.01 00:15:12 | 004,250,584 | ---- | M] () -- C:\Users\Public\Documents\Physio.odp
[2013.06.27 12:49:51 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.22 09:09:46 | 000,000,000 | ---- | C] () -- C:\Users\.....\defogger_reenable
[2013.07.22 00:05:04 | 000,001,402 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.07.22 00:05:04 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.21 22:42:47 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.21 16:00:55 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.06 15:30:00 | 000,000,854 | ---- | C] () -- C:\Users\.....\.recently-used.xbel
[2013.07.06 15:13:18 | 002,533,109 | ---- | C] () -- C:\Users\.....\Desktop\CCI14022013_00000.jpg
[2013.07.04 12:31:16 | 000,000,355 | ---- | C] () -- C:\Users\.....\Documents\Computer - Verknüpfung.lnk
[2013.07.01 16:07:11 | 004,250,584 | ---- | C] () -- C:\Users\Public\Documents\Physio.odp
[2012.12.12 17:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.12 17:38:16 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.12.12 17:38:14 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.01.29 11:18:01 | 000,045,270 | ---- | C] () -- C:\Users\.....\AppData\Roaming\room_v3.dat
[2012.01.06 13:04:03 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\3FABBAB76C.sys
[2012.01.06 13:04:00 | 000,001,890 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.05 15:23:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6CB7BAAB3F.sys
[2012.01.05 13:13:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\67394B94E9.sys
[2011.09.04 18:05:50 | 000,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.26 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\BitComet
[2012.09.22 09:49:43 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ColorSchemer
[2013.06.16 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Dropbox
[2013.05.17 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\GarenaPlus
[2012.09.13 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\gtk-2.0
[2011.12.28 02:45:11 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\LolClient
[2012.06.22 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\LolClient2
[2011.08.22 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\OpenOffice.org
[2011.08.02 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\PCDr
[2011.10.23 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ProtectDisc
[2011.07.31 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\PwrMgr
[2011.10.11 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ratiopharm
[2013.07.22 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Spotify
[2013.07.21 21:03:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\TS3Client
[2013.06.02 13:50:20 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\TuneUp Software
[2013.01.01 06:28:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\ultrastardx
[2011.07.31 12:56:37 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Update
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 22.07.2013 09:12:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,98% Memory free
7,82 Gb Paging File | 6,16 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 252,62 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 0,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS
 
Computer Name: .....-NOTEBOOK | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06975863-0254-40AE-890C-276CA563FEA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06F2BA29-784A-4405-980A-5174E12FD0E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0CD1D1B2-3BDC-4105-936A-EC90099BB896}" = lport=57599 | protocol=6 | dir=in | name=pando media booster | 
"{0F93EC0F-014A-4F68-AAE5-E9E6CDDC350A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18761D74-F58B-4820-AEA0-E7AB76FF7D71}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{30772AE3-2280-4D55-B2FC-7D80CBB4CD85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{380C99B2-8296-43FC-B29F-D5C779A0D096}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3D1E33B2-6E1E-4660-BB01-3C6B8F593D77}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{416C0C34-EA81-46EB-A6B0-755BE0B5445E}" = lport=57599 | protocol=6 | dir=in | name=pando media booster | 
"{4607C43D-6AAA-40AE-9FC0-E3C928D6DEED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{460E116E-9D44-4F4E-9456-C27C1D31E9DA}" = lport=57599 | protocol=17 | dir=in | name=pando media booster | 
"{5EC099B2-B89A-4EE2-9B43-2ADBEA938FF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64197379-AE9D-4DAE-BC8F-8003048B10A9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E7099B3-D809-4558-8054-1E7A1498E8CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{87C6943C-0E22-4B7C-A19F-4FFDF3CAF24D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0A016C4-6350-4240-A2B2-142F64203FD1}" = lport=57599 | protocol=17 | dir=in | name=pando media booster | 
"{AE45818D-891F-4496-B65B-8D2CF065F9DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AFB8EA82-2BF2-420F-9260-CC417C4D0043}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B8A2B46C-6582-4BBB-B3BA-1348E164113C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B8AEDCBD-BD71-4156-9909-3329C235551C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D3091FAC-6EFA-457B-880C-90345C3C4D38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5237E34-2CE2-4778-86F4-912EAA762244}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB2BE4A9-E5A3-4858-92BE-ACDEDA86DBD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB4A4A48-617F-43E9-8DA6-B3CA4707BDC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E0A76B48-7FBE-4DCC-AB18-EE48D935B7DD}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08480A38-4E19-4AB1-AB2D-61E23D131E63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{11D41E84-47FD-4CBD-ABA5-77B69DD8BF66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1428B066-1430-4434-B08A-5CA4CF35D217}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{162199F2-FA94-4F66-AC6C-60648AD9C864}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{1D49E0FE-3344-43A2-B97B-CFFF9BB2A684}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49051126-F7AE-4583-B2B5-56DAA03D04DC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4A50F4DF-D160-4C0F-86E4-2A18F0169FD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{522D0CE8-3D8A-463B-A7F9-AC71D1185603}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B8C1BA0-C141-4AC6-A2FF-8D5526BA13ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7269A2DC-F3F3-4C0A-8D02-D9461375235D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7C97BC2B-8D8C-418A-99C3-FFE0AEF24FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{83336E9E-176F-4EE2-A68C-F29D5436485E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{885DC0C8-C169-46CC-8830-412DE9D1D25E}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | 
"{90E25CAF-8CD2-4729-875E-A79ECA22A11B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0BDAA06-2C9D-4468-BD56-8970480E92AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A6986F0E-2029-40EE-9F7B-E29F9D1763EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC35FD51-F5C9-47B8-B1DD-FE5486EB42F9}" = dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | 
"{AE5E9769-0742-40CD-A115-7983682533E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD02413A-6CD8-472B-B409-F79BA5DE4E44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA771759-4936-4AE8-95FE-D88FBBB40F14}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CC9A366C-F92B-44E7-B25D-DE39D6C10B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE9B52E7-AEA5-4AF6-9C33-F7B49BC6217C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D0353722-67A0-487B-AAE0-28089636FA55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D3C94BE3-7732-4E7B-A21A-88359D47E437}" = protocol=6 | dir=out | app=system | 
"{E1D4A6B7-EE7A-4D3A-9AA4-63E88587184E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E6E6CAA0-756E-4D2C-B491-92DFDCB3FF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F85E2413-B838-4F50-AE43-8B32E8364870}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FA60A81B-2058-4EAF-BF44-F897E43EFFBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE7B8D73-ECB2-4B8F-9072-9A30D9FBFA9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{12566787-EBAF-407A-BCB3-A30A0BBB7BC2}C:\users\.....\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\local\temp\gw2.exe | 
"TCP Query User{19A2C78C-104B-4B4E-832B-BFD5CEF0A2CC}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5B974A65-E0F9-4592-BF41-4ABB42E54BF1}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{6664CD30-1000-4968-AF90-A968C2CC18E1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{6C22859A-6212-425B-8A03-C77E494DA48D}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"TCP Query User{A4EC2750-89C9-4595-92AD-34552F9EED58}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{A8929D23-EADC-4A86-93F2-FBF5B1313CA2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{D9CCE64A-E709-43DB-84D4-6ABCBF85689F}C:\users\.....\desktop\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\users\.....\desktop\warcraft 3\war3.exe | 
"UDP Query User{00A50763-AECC-4C7B-A448-4F960BE22591}C:\users\.....\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\local\temp\gw2.exe | 
"UDP Query User{07037845-1208-47CA-8B3B-318394104DF4}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4B15A026-1AE3-49BD-BCAA-E2D05D2EFB67}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{524C4A55-E9EF-47C0-BF88-8DD93DEB322D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{6AFFB06F-17B7-4E73-A764-EEF7E4ED79AC}C:\users\.....\desktop\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\users\.....\desktop\warcraft 3\war3.exe | 
"UDP Query User{BE9CB2E2-F8B4-4C8D-83C2-2DAD04425ECA}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{C04DB601-4621-4D8C-95A5-361CADCB8319}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"UDP Query User{D97E4F6E-6FCE-4E45-8DA9-D5D91E6FEB9D}C:\users\.....\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\.....\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{18B8E257-FEA3-F0EC-0ED1-A4FD4478F8CE}" = ATI Catalyst Install Manager
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{923962D0-B04A-F947-C0B0-3D3A33B65AD1}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows-Treiberpaket - Realtek (RTL8167) Net  (12/06/2010 7.035.1206.2010)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"5DF942712DC7660AE4A1B04809A1C3F67B0CA27C" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{15ABF562-246B-4CDD-7D7B-C2A7E9DC6912}" = CCC Help Danish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1C7DF287-ADAD-B3B1-F8B1-6EF9FDD3054F}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2CBC1A16-2674-F781-AF23-4D87B2D4AD6E}" = CCC Help Japanese
"{32E160FE-A115-841D-C35B-5099344D74B3}" = CCC Help Korean
"{35527A2F-B298-47B9-5694-0430264FB700}" = CCC Help English
"{39FCE8D0-680D-D6C2-9884-6F297EAA40CE}" = CCC Help Russian
"{3A4BAA7A-2251-5E2B-0862-C5DE9D325113}" = CCC Help Thai
"{3C1FEEA4-4C28-7F80-5A36-44DB10CF7109}" = CCC Help Norwegian
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D9BA9-66DB-01D3-9FFE-9E7CD4D70E06}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E489FCF-FCE5-4347-A71E-3C5767832C95}" = HPLaserJetHelp_LearnCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A299BE4-7511-45DB-A221-BFB2C482470D}" = Arithmogriph
"{5B476EAE-336C-4083-DE7F-A2AE52D0167A}" = CCC Help French
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{60BDA28F-268A-0FF3-BA42-E73C08574B57}" = PX Profile Update
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A528C37-10DA-1C09-08C1-B69B2C95006D}" = CCC Help Chinese Standard
"{6DA3A4E0-25FC-4206-4A7A-B4E8826206D4}" = Catalyst Control Center Localization All
"{6E28312D-C579-5C85-30E2-731C3446F98E}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{794DD8BD-C69A-AEEB-3A9E-230F8BB7B807}" = CCC Help Chinese Traditional
"{81AFA4BA-E1DA-D8A8-22E9-54B0CEA7FFEB}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B2A8B60-39DC-DA10-1B7F-05D77BE5BAD5}" = Catalyst Control Center Graphics Previews Common
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{9129BECA-9A66-FF4A-96BF-E4E54C05102F}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1221CC-A343-7B37-EF11-6965CCA8D39C}" = CCC Help Spanish
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A833C64A-8367-4683-91FB-E574143A1726}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC938019-B63F-4EAC-81BD-7C77B18C484E}" = Cisco AnyConnect Secure Mobility Client
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B52C064D-2ABD-0C1E-613A-94735D04BB19}" = CCC Help Polish
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{D42EED0A-B0CE-9A2F-CE78-58840840CE06}" = CCC Help Greek
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D7A045AD-9C12-A766-4019-D0364E8938F9}" = Catalyst Control Center InstallProxy
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DD2B2080-F4FB-D276-F8AC-0353F3991BB4}" = CCC Help Italian
"{E776B10D-A90F-7D4A-64A0-3CF44145F6AB}" = Catalyst Control Center Profiles Mobile
"{E8DD6008-F395-4B9E-A585-CE06E03A4FCF}" = mediscript GK1
"{EB25EE32-40AD-F643-D42E-6EEC2D70BEFB}" = CCC Help Dutch
"{EED05EBB-816C-4E30-8175-3B47391E4FE0}" = CCC Help German
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F20E1660-8109-4048-524D-D9E39AE3B725}" = CCC Help Swedish
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{F4F8DC6B-5591-4F22-BD5D-6CB8AA8D5452}" = hppCP1020LaserJetService
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"ColorSchemerStudio2_is1" = ColorSchemer Studio 2
"DivX Setup" = DivX-Setup
"GeoGebra 4.2" = GeoGebra 4.2
"Guild Wars 2" = Guild Wars 2
"hon" = Heroes of Newerth
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltraStar Deluxe" = UltraStar Deluxe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WsysControl" = Wsys Control 1.0.0.2557
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2013 12:59:18 | Computer Name = .....-Notebook | Source = PC-Doctor | ID = 1
Description = (4764) Asapi: (17:59:18:9060)(4764) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 26.01.2013 15:48:36 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 26.01.2013 17:42:59 | Computer Name = .....-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.01.2013 17:43:14 | Computer Name = .....-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0,
 Zeitstempel: 0x4bc33882  Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19,
 Zeitstempel: 0x4bab86d4  Ausnahmecode: 0xc0000417  Fehleroffset: 0x000058a9  ID des fehlerhaften
 Prozesses: 0x7d0  Startzeit der fehlerhaften Anwendung: 0x01cdfc0e1a62bcc5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL  Berichtskennung: 6293f266-6801-11e2-8beb-f0def16b79cd
 
Error - 26.01.2013 20:53:31 | Computer Name = .....-Notebook | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 27.01.2013 14:14:48 | Computer Name = .....-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.01.2013 14:15:05 | Computer Name = .....-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0,
 Zeitstempel: 0x4bc33882  Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19,
 Zeitstempel: 0x4bab86d4  Ausnahmecode: 0xc0000417  Fehleroffset: 0x000058a9  ID des fehlerhaften
 Prozesses: 0x8b4  Startzeit der fehlerhaften Anwendung: 0x01cdfcba2f2eca19  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL  Berichtskennung: 7918c296-68ad-11e2-a56a-f0def16b79cd
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865
Description = Function: CPhoneHomeAgent::InitPhoneHomeAgent File: ..\PhoneHomeAgent.cpp
Line:
 519 Illegal last reported time, using default value (0)
 
Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 22.07.2013 01:36:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 22.07.2013 01:36:49 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 22.07.2013 01:37:23 | Computer Name = .....-Notebook | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 22.07.2013 01:37:23 | Computer Name = .....-Notebook | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1352 NULL object. Cannot establish a connection at this time.
 
Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 22.07.2013 01:41:45 | Computer Name = .....-Notebook | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102
Description = 
 
Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 22.07.2013 01:37:24 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 22.07.2013 01:37:28 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102
Description = 
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = PNRPSvc | ID = 102
Description = 
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 22.07.2013 01:37:35 | Computer Name = .....-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
During the subsequent scan with GMER, a bluescreen occurred.
As far as I know, I had properly deactivated Avira and the rest. How should I proceed here?

Thank you to all readers; I hope for some help.

Best regards
chalmit

22.07.2013, 11:40   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


22.07.2013, 12:55   #3
chalmit
 

Hi schrauber,

Thanks for your quick reply.
Here are the scans:
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by ..... (administrator) on 22-07-2013 12:51:43
Running from C:\Users\.....\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Spotify Ltd) C:\Users\.....\AppData\Roaming\Spotify\spotify.exe
() C:\Users\.....\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = 
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 12:50 - 2013-07-22 12:50 - 00032139 _____ C:\Users\.....\Downloads\FRST.txt
2013-07-22 12:50 - 2013-07-22 12:50 - 00024292 _____ C:\Users\.....\Downloads\Addition.txt
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 12:48 - 2013-07-22 12:48 - 01779363 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:18 - 2013-07-22 10:09 - 00067342 _____ C:\Users\.....\Downloads\Extras.Txt
2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000474 _____ C:\Users\.....\Downloads\defogger_disable.log
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-22 00:05 - 2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 00:05 - 2013-07-22 00:05 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-22 00:05 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-22 00:04 - 2013-07-22 00:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-21 23:58 - 2013-07-22 00:01 - 36271144 _____ (Safer-Networking Ltd.                                       ) C:\Users\.....\Downloads\spybot-2.1.exe
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:35 - 2013-07-21 23:35 - 00010030 _____ C:\Users\.....\Downloads\hijackthis.log
2013-07-21 23:34 - 2013-07-21 23:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\.....\Downloads\HiJackThis204.exe
2013-07-21 23:33 - 2013-07-21 23:33 - 00000982 _____ C:\AdwCleaner[R2].txt
2013-07-21 23:27 - 2013-07-21 23:27 - 00007519 _____ C:\AdwCleaner[R1].txt
2013-07-21 23:27 - 2013-07-21 23:27 - 00004721 _____ C:\AdwCleaner[S1].txt
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Downloads\adwcleaner06.exe
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 03:43 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 03:43 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:36 - 2013-07-04 12:36 - 00092776 _____ (Spotify Ltd) C:\Users\.....\Downloads\SpotifySetup.exe
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp

==================== One Month Modified Files and Folders =======

2013-07-22 12:50 - 2013-07-22 12:50 - 00032139 _____ C:\Users\.....\Downloads\FRST.txt
2013-07-22 12:50 - 2013-07-22 12:50 - 00024292 _____ C:\Users\.....\Downloads\Addition.txt
2013-07-22 12:50 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 12:48 - 2013-07-22 12:48 - 01779363 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client
2013-07-22 12:40 - 2011-06-19 01:53 - 01136981 _____ C:\Windows\WindowsUpdate.log
2013-07-22 12:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 10:09 - 2013-07-22 09:18 - 00067342 _____ C:\Users\.....\Downloads\Extras.Txt
2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:57 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 09:57 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 09:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-22 09:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-22 09:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:49 - 2013-06-06 00:08 - 00002925 _____ C:\Windows\setupact.log
2013-07-22 09:49 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-22 09:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000474 _____ C:\Users\.....\Downloads\defogger_disable.log
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\.....
2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-22 09:00 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-07-22 09:00 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-07-22 00:09 - 2013-07-22 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-22 00:05 - 2013-07-22 00:05 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-22 00:01 - 2013-07-21 23:58 - 36271144 _____ (Safer-Networking Ltd.                                       ) C:\Users\.....\Downloads\spybot-2.1.exe
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:35 - 2013-07-21 23:35 - 00010030 _____ C:\Users\.....\Downloads\hijackthis.log
2013-07-21 23:34 - 2013-07-21 23:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\.....\Downloads\HiJackThis204.exe
2013-07-21 23:33 - 2013-07-21 23:33 - 00000982 _____ C:\AdwCleaner[R2].txt
2013-07-21 23:29 - 2013-06-06 00:07 - 00003196 _____ C:\Windows\PFRO.log
2013-07-21 23:27 - 2013-07-21 23:27 - 00007519 _____ C:\AdwCleaner[R1].txt
2013-07-21 23:27 - 2013-07-21 23:27 - 00004721 _____ C:\AdwCleaner[S1].txt
2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Downloads\adwcleaner06.exe
2013-07-21 23:26 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype
2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 18:24 - 2012-09-16 09:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 18:24 - 2011-08-22 17:41 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe
2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 03:44 - 2011-08-02 16:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk
2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-07-04 12:36 - 2013-07-04 12:36 - 00092776 _____ (Spotify Ltd) C:\Users\.....\Downloads\SpotifySetup.exe
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn
2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12
2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db
2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp
2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-06-27 12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 22:34

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by ..... at 2013-07-22 12:51:57
Running from C:\Users\.....\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Anzeige am Bildschirm (Version: 6.23.00)
Arithmogriph (x32 Version: 1.01.0000)
ATI Catalyst Install Manager (Version: 3.0.808.0)
ATI Uninstaller (Version: 8.811.1.5-110204a-116457C-Lenovo)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Burn.Now 4.5 (x32 Version: 4.5.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0204.1429.25921)
Catalyst Control Center InstallProxy (x32 Version: 2011.0204.1429.25921)
Catalyst Control Center Localization All (x32 Version: 2011.0204.1429.25921)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0204.1429.25921)
CCC Help Chinese Standard (x32 Version: 2011.0204.1428.25921)
CCC Help Chinese Traditional (x32 Version: 2011.0204.1428.25921)
CCC Help Czech (x32 Version: 2011.0204.1428.25921)
CCC Help Danish (x32 Version: 2011.0204.1428.25921)
CCC Help Dutch (x32 Version: 2011.0204.1428.25921)
CCC Help English (x32 Version: 2011.0204.1428.25921)
CCC Help Finnish (x32 Version: 2011.0204.1428.25921)
CCC Help French (x32 Version: 2011.0204.1428.25921)
CCC Help German (x32 Version: 2011.0204.1428.25921)
CCC Help Greek (x32 Version: 2011.0204.1428.25921)
CCC Help Hungarian (x32 Version: 2011.0204.1428.25921)
CCC Help Italian (x32 Version: 2011.0204.1428.25921)
CCC Help Japanese (x32 Version: 2011.0204.1428.25921)
CCC Help Korean (x32 Version: 2011.0204.1428.25921)
CCC Help Norwegian (x32 Version: 2011.0204.1428.25921)
CCC Help Polish (x32 Version: 2011.0204.1428.25921)
CCC Help Portuguese (x32 Version: 2011.0204.1428.25921)
CCC Help Russian (x32 Version: 2011.0204.1428.25921)
CCC Help Spanish (x32 Version: 2011.0204.1428.25921)
CCC Help Swedish (x32 Version: 2011.0204.1428.25921)
CCC Help Thai (x32 Version: 2011.0204.1428.25921)
ccc-core-static (x32 Version: 2011.0204.1429.25921)
ccc-utility64 (Version: 2011.0204.1429.25921)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04059)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059)
ColorSchemer Studio 2 (x32 Version: Studio v2.1)
Conexant HD Audio (Version: 8.32.27.0)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0)
Corel WinDVD (x32 Version: 10.0.5.828)
Create Recovery Media (x32 Version: 1.20.0.00)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
DivX-Setup (x32 Version: 2.6.1.3)
dows-Treiberpaket - Realtek (RTL8167) Net  (12/06/2010 7.035.1206.2010) (Version: 12/06/2010 7.035.1206.2010)
GeoGebra 4.2 (x32 Version: 4.2.36.0)
GIMP 2.6.11 (x32 Version: 2.6.11)
Guild Wars 2 (x32)
Heroes of Newerth (x32 Version: 1.0.16)
HP LaserJet P1000 series (x32)
HP LaserJet Professional CP1020 Series (x32)
HPLaserJetHelp_LearnCenter (x32 Version: 1.01.0000)
HPLJUT (x32 Version: 1.00.0008)
hppCP1020LaserJetService (x32 Version: 001.007.00319)
hppLaserJetService (x32 Version: 002.007.00397)
hppMSRedist (x32 Version: 1.00.0000)
hppusgP1000 (x32 Version: 1.1.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
mediscript GK1 (x32 Version: 3.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MrvlUsgTracking (x32 Version: 1.0.7)
MrvlUsgTracking64 (Version: 1.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Pando Media Booster (x32 Version: 2.6.0.1)
PowerXpressHybrid (x32 Version: 1.00.0000)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.11)
PX Profile Update (x32 Version: 1.00.1.)
RapidBoot (x32 Version: 1.00)
Realtek Ethernet Controller Driver (x32 Version: 7.35.1206.2010)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RICOH Media Driver v2.10.18.02 (x32 Version: 2.10.18.02)
SAMSUNG USB Driver for Mobile Phones (x32 Version: 1.3.800.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Spybot - Search & Destroy (x32 Version: 2.1.19)
System Update (x32 Version: 4.00.0039)
TeamSpeak 3 Client (x32 Version: 3.0.10)
ThinkPad Energie-Manager (x32 Version: 3.44)
ThinkPad Power Management Driver (Version: 1.61.00.11)
ThinkPad UltraNav Driver (Version: 15.2.19.0)
ThinkVantage Communications Utility (Version: 2.10.0.0)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.74)
UltraStar Deluxe (x32 Version: 1.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (Version: 11/11/2010 1.61.00.11)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
Wsys Control 1.0.0.2557 (x32 Version: 1.0.0.2557)

==================== Restore Points  =========================

26-06-2013 13:58:18 Windows Update
01-07-2013 14:10:53 Windows Update
05-07-2013 18:33:06 Windows Update
13-07-2013 12:09:56 Windows Update
14-07-2013 01:36:17 Windows Update
17-07-2013 10:08:40 Windows Update
20-07-2013 18:34:00 Windows Update
21-07-2013 13:39:18 Windows Update
21-07-2013 16:19:48 Removed Java 7 Update 17 (64-bit)
21-07-2013 16:24:37 Installed Java 7 Update 25
21-07-2013 16:27:14 Installed Cisco AnyConnect Secure Mobility Client
21-07-2013 20:41:32 Installed SpyHunter
21-07-2013 21:21:11 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F1D5482-5D88-4DDC-98BA-98DB1B15A2CF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
Task: {1948B888-2138-4604-AAF0-A0885C5891A8} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {29B8EC57-04C6-49CA-9D20-233B3BB023A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {2A46FAF1-CB07-4DC5-A9BA-79B97B7149E1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe No File
Task: {4D57C0C9-33D8-4F2A-97E0-EF56F2AC9E0C} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {5A7806ED-C6A8-4023-A8FD-8DF2ABB962CC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {867A6CC9-E781-4975-8027-759F76FBEEAE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {9B93E78B-A88E-47FC-9CB8-60F11015A515} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2011-02-03] (Lenovo Group Limited)
Task: {9DEB8366-6372-4C24-9A5E-E84090A80A24} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B1389C63-6A0E-45E3-AF41-4429FF953D33} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {CB24B1A7-273B-436E-81E6-BC50AB3806F0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2013 09:50:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882
Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000058a9
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0
Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1
Pfad des fehlerhaften Moduls: HPLaserJetService.exe2
Berichtskennung: HPLaserJetService.exe3

Error: (07/22/2013 09:50:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 09:00:51 AM) (Source: PC-Doctor) (User: )
Description: (5492) Asapi: (09:00:51:3420)(5492) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (07/22/2013 07:37:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882
Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000058a9
ID des fehlerhaften Prozesses: 0x210
Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0
Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1
Pfad des fehlerhaften Moduls: HPLaserJetService.exe2
Berichtskennung: HPLaserJetService.exe3

Error: (07/22/2013 07:37:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:30:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.7.397.0, Zeitstempel: 0x4bc33882
Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.2.0.19, Zeitstempel: 0x4bab86d4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000058a9
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0
Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1
Pfad des fehlerhaften Moduls: HPLaserJetService.exe2
Berichtskennung: HPLaserJetService.exe3

Error: (07/21/2013 11:30:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty


System errors:
=============
Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 09:53:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 09:53:49 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 09:53:49 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 09:53:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (07/22/2013 09:53:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (07/22/2013 09:53:34 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (07/22/2013 09:50:12 AM) (Source: Service Control Manager) (User: )
Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (07/22/2013 09:50:07 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a97f401ce86b00187a77bC:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLL53476d4b-f2a3-11e2-84be-cc52afe14a77

Error: (07/22/2013 09:50:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 09:00:51 AM) (Source: PC-Doctor)(User: )
Description: (5492) Asapi: (09:00:51:3420)(5492) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (07/22/2013 07:37:24 AM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a921001ce869d73d980a1C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLc90be01f-f290-11e2-ab68-cc52afe14a77

Error: (07/22/2013 07:37:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 11:30:42 PM) (Source: Application Error)(User: )
Description: HPLaserJetService.exe2.7.397.04bc33882hppccompio.DLL1.2.0.194bab86d4c0000417000058a97e801ce865975af0c23C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\Windows\system32\hppccompio.DLLcb0a67dd-f24c-11e2-b360-cc52afe14a77

Error: (07/21/2013 11:30:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found

Error: (07/21/2013 06:27:45 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty


CodeIntegrity Errors:
===================================
  Date: 2013-04-28 22:42:50.224
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:50.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:50.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:50.024
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.874
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.764
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 22:42:49.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4007.23 MB
Available physical RAM: 2440.99 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 6027.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:251.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.39 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: AC0CFB7D)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

22.07.2013, 14:52   #4
schrauber
/// the machine
/// TB trainer

Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.07.2013, 16:13   #5
chalmit

Here it is!

Code:
ComboFix 13-07-22.01 - Helmut 22.07.2013  15:32:47.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4007.2513 [GMT 2:00]
ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\67394B94E9.sys
c:\programdata\6CB7BAAB3F.sys
c:\programdata\Roaming
c:\windows\wininit.ini
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WsysSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-22 bis 2013-07-22  ))))))))))))))))))))))))))))))
.
.
2013-07-22 10:49 . 2013-07-22 10:49	--------	d-----w-	C:\FRST
2013-07-22 05:56 . 2013-07-22 05:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8108F3-3C0D-41DD-BC77-FD416BC13835}\offreg.dll
2013-07-21 22:05 . 2013-07-22 07:08	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-07-21 22:04 . 2013-07-22 13:37	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-07-21 21:47 . 2013-07-21 21:47	--------	d-----w-	c:\users\Helmut\AppData\Local\Conexant
2013-07-21 21:47 . 2013-07-21 21:47	--------	d-----w-	c:\programdata\Conexant
2013-07-21 20:42 . 2013-07-21 20:42	--------	d-----w-	c:\program files\Enigma Software Group
2013-07-21 20:41 . 2013-07-21 21:22	--------	d-----w-	c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 20:41 . 2013-07-21 20:41	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-07-21 16:27 . 2013-07-21 16:27	--------	d-----w-	c:\users\Helmut\AppData\Local\Cisco
2013-07-21 16:27 . 2013-07-21 16:27	--------	d-----w-	c:\program files (x86)\Cisco
2013-07-21 16:27 . 2013-07-21 16:27	--------	d-----w-	c:\programdata\Cisco
2013-07-21 16:25 . 2013-07-21 16:25	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-07-21 16:25 . 2013-07-21 16:24	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-21 16:24 . 2013-07-21 16:24	--------	d-----w-	c:\program files (x86)\Java
2013-07-21 14:01 . 2013-07-21 14:01	--------	d-----w-	c:\users\Helmut\AppData\Roaming\Malwarebytes
2013-07-21 14:00 . 2013-07-21 14:00	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-21 14:00 . 2013-07-21 14:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-21 14:00 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-21 14:00 . 2013-07-21 14:00	--------	d-----w-	c:\users\Helmut\AppData\Local\Programs
2013-07-21 13:39 . 2013-07-15 01:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F8108F3-3C0D-41DD-BC77-FD416BC13835}\mpengine.dll
2013-07-14 01:39 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-14 01:39 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-14 01:39 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-14 01:39 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-14 01:39 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-14 01:39 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-14 01:39 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-14 01:39 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-14 01:39 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-14 01:39 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-14 01:39 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-14 01:38 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-14 01:38 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-14 01:38 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-14 01:38 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 01:38 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-14 01:38 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 01:37 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-14 01:37 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 16:24 . 2012-09-16 07:44	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-07-21 16:24 . 2011-08-22 15:41	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-07-14 01:44 . 2011-08-02 14:41	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-27 10:49 . 2013-05-07 19:23	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-19 15:00 . 2013-06-19 15:00	11152	----a-w-	c:\windows\SysWow64\vpncategories.dll
2013-06-19 15:00 . 2013-06-19 15:00	34192	----a-w-	c:\windows\SysWow64\vpnevents.dll
2013-06-19 14:42 . 2013-06-19 14:42	52080	----a-w-	c:\windows\system32\drivers\vpnva64-6.sys
2013-06-19 14:40 . 2013-06-19 14:40	112080	----a-r-	c:\windows\system32\drivers\acsock64.sys
2013-06-14 23:03 . 2013-03-05 14:46	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 23:03 . 2013-03-05 14:46	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-01 11:27 . 2011-09-04 16:05	2724	--sha-w-	c:\programdata\KGyGaAvL.sys
2013-05-13 05:51 . 2013-06-14 21:24	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-14 21:24	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-14 21:24	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-14 21:24	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-14 21:24	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-14 21:24	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-14 21:24	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-14 21:24	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-14 21:24	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-14 21:24	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-14 21:25	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-14 21:25	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-14 21:27	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-28 19:42 . 2013-04-28 19:46	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-28 19:42 . 2013-04-28 19:46	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-28 19:42 . 2013-04-28 19:46	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-26 05:51 . 2013-06-14 21:25	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-14 21:25	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-14 21:24	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-04 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-06-19 703888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"RotateImage"=c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
"PWMTRV"=rundll32 c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 23:03]
.
2013-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2013-07-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-02-26 60920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;localhos
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-WsysControl - c:\programdata\eSafe\eGdpSvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-22  15:42:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-22 13:42
.
Vor Suchlauf: 13 Verzeichnis(se), 268.304.855.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 268.092.833.792 Bytes frei
.
- - End Of File - - 902DB9585EFC3631EB1613C567365AA9
D41D8CD98F00B204E9800998ECF8427E
         


22.07.2013, 18:33   #6
schrauber
/// the machine
/// TB trainer

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

23.07.2013, 12:09   #7
chalmit

Hi schrauber,
Things must really be looking bad, with all these tests :P
Adw:
Code:
# AdwCleaner v2.306 - Datei am 23/07/2013 um 11:59:49 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ..... - .....-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\.....\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [860 octets] - [23/07/2013 11:57:08]
AdwCleaner[S2].txt - [344 octets] - [23/07/2013 11:59:36]
AdwCleaner[S3].txt - [853 octets] - [23/07/2013 11:59:49]

########## EOF - C:\AdwCleaner[S3].txt - [912 octets] ##########
         

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Professional x64
Ran by Helmut on 23.07.2013 at 12:02:48,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\prefs.js

user_pref("extensions.crossrider.bic", "14002ee2390203b522fdaf7a9add7dfe");
Emptied folder: C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\dbjd522f.default\minidumps [280 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 12:06:27,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Edit:
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by ..... (administrator) on 23-07-2013 12:12:51
Running from C:\Users\.....\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.)
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = 
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt
2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt
2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe
2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt
2013-07-22 20:37 - 2013-07-22 20:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt
2013-07-22 15:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-22 15:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-22 15:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 15:31 - 2013-07-22 16:07 - 00000000 ____D C:\Qoobox
2013-07-22 15:31 - 2013-07-22 15:41 - 00000000 ____D C:\Windows\erdnt
2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-22 00:05 - 2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 00:04 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 03:43 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 03:43 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp

==================== One Month Modified Files and Folders =======

2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-23 12:09 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify
2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt
2013-07-23 12:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 12:02 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt
2013-07-23 12:00 - 2013-06-06 00:08 - 00003205 _____ C:\Windows\setupact.log
2013-07-23 12:00 - 2011-06-19 01:53 - 01282760 _____ C:\Windows\WindowsUpdate.log
2013-07-23 12:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt
2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe
2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt
2013-07-23 11:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-23 11:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-23 11:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 02:07 - 2013-06-06 00:07 - 00007536 _____ C:\Windows\PFRO.log
2013-07-22 20:39 - 2013-07-22 20:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 20:31 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype
2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt
2013-07-22 16:07 - 2013-07-22 15:31 - 00000000 ____D C:\Qoobox
2013-07-22 16:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-22 15:42 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-22 15:41 - 2013-07-22 15:31 - 00000000 ____D C:\Windows\erdnt
2013-07-22 15:37 - 2013-07-22 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client
2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\.....
2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-22 09:00 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-07-22 09:00 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe
2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 18:24 - 2012-09-16 09:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 18:24 - 2011-08-22 17:41 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe
2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk
2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn
2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12
2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db
2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp
2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-06-27 12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-24 00:57 - 2011-08-02 16:41 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 22:34

==================== End Of Log ============================
         
--- --- ---

Last edited by chalmit (23.07.2013 at 12:14)

23.07.2013, 12:59   #8
schrauber
/// the machine
/// TB trainer


Lots of junk on it. One more online scan as a check, remove the leftovers, done.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.07.2013, 15:16   #9
chalmit


There are no problems as such (except that ESET apparently found something again)
Otherwise really just the big question mark over my head:
How safe are my passwords - should I change them now, since quite a lot seemed to be on the machine? Is the PC free of viruses and malware, or does it come down to reinstalling the system after all? And if you unknowingly get so much junk onto the PC: how do you protect yourself against it?

As mentioned, I do online banking, Facebook etc. here and would really rather not have sensitive data passed on to third parties :/

Here are the logs
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37e3ecdf7431f14693f1341bd53258ad
# engine=14503
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 01:01:40
# local_time=2013-07-23 03:01:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 11133 145255805 3918 0
# compatibility_mode=5893 16776573 100 94 0 126214350 0 0
# scanned=173806
# found=1
# cleaned=0
# scan_time=2699
sh=586712E0B1B2DE199A070DB6312589DA1FA69A6E ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\.....\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I67Y8152\cpvload[1].htm"
         
Security Check (somehow didn't work under Windows Prof. 64-bit SP1; with compatibility mode set to XP it worked - question marks here too, above all why the Reader is not up to date???)
Code:
 Results of screen317's Security Check version 0.99.70  
 Windows XP  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by ..... (administrator) on 23-07-2013 15:11:06
Running from C:\Users\.....\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [703888 2013-06-19] (Cisco Systems, Inc.)
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {86C70F2C-80BC-425A-B37A-326DAF72A501} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {82CB8F10-536D-4340-ADF0-D965E260D8C6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {F2140CFD-E856-402B-8A59-7EA582C45A4A} URL = 
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: groovesharkUnlocker - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: No Name - C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\dbjd522f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-28] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [31592 2010-12-03] (Lenovo Group Limited)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-23] (Avira GmbH)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 15:10 - 2013-07-23 15:10 - 00001056 _____ C:\Users\.....\Desktop\checkup.txt
2013-07-23 15:10 - 2013-07-23 15:10 - 00001037 _____ C:\AdwCleaner[R4].txt
2013-07-23 15:08 - 2013-07-23 15:08 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-07-23 15:07 - 2013-07-23 15:07 - 00002964 _____ C:\Windows\System32\Tasks\{3B6A3BD6-66E6-45B7-AFA2-E5C5AF88BCEC}
2013-07-23 15:06 - 2013-07-23 15:06 - 00891062 _____ C:\Users\.....\Desktop\SecurityCheck.exe
2013-07-23 13:09 - 2013-07-23 13:09 - 02347384 _____ (ESET) C:\Users\.....\Desktop\esetsmartinstaller_enu.exe
2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt
2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt
2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe
2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt
2013-07-22 20:37 - 2013-07-22 20:39 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt
2013-07-22 15:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-22 15:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-22 15:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-22 15:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 15:31 - 2013-07-22 16:07 - 00000000 ____D C:\Qoobox
2013-07-22 15:31 - 2013-07-22 15:41 - 00000000 ____D C:\Windows\erdnt
2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:17 - 2013-07-22 10:06 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-22 00:05 - 2013-07-22 09:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 00:04 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 22:41 - 2013-07-21 23:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:25 - 2013-07-21 18:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:25 - 2013-07-21 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-14 03:43 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 03:43 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 03:43 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 03:43 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 03:43 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 03:43 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-14 03:43 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-14 03:43 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 03:43 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 03:43 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-14 03:43 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-14 03:43 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-14 03:43 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-14 03:43 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-14 03:43 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-14 03:43 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-14 03:43 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-14 03:43 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-14 03:43 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 03:43 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-14 03:43 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-14 03:43 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-14 03:39 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 03:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 03:39 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 03:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-14 03:38 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 03:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 03:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 15:08 - 2013-07-06 18:46 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 15:08 - 2013-07-06 17:59 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 15:08 - 2013-07-06 17:58 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 11:33 - 2013-07-06 14:24 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 11:33 - 2013-07-06 13:45 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-01 16:07 - 2013-07-01 16:05 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:07 - 2013-07-01 00:15 - 04250584 _____ C:\Users\Public\Documents\Physio.odp

==================== One Month Modified Files and Folders =======

2013-07-23 15:10 - 2013-07-23 15:10 - 00001056 _____ C:\Users\.....\Desktop\checkup.txt
2013-07-23 15:10 - 2013-07-23 15:10 - 00001037 _____ C:\AdwCleaner[R4].txt
2013-07-23 15:08 - 2013-07-23 15:08 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-07-23 15:07 - 2013-07-23 15:07 - 00002964 _____ C:\Windows\System32\Tasks\{3B6A3BD6-66E6-45B7-AFA2-E5C5AF88BCEC}
2013-07-23 15:06 - 2013-07-23 15:06 - 00891062 _____ C:\Users\.....\Desktop\SecurityCheck.exe
2013-07-23 15:03 - 2013-03-05 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 13:09 - 2013-07-23 13:09 - 02347384 _____ (ESET) C:\Users\.....\Desktop\esetsmartinstaller_enu.exe
2013-07-23 13:09 - 2013-05-31 20:27 - 00000000 ____D C:\Users\.....\AppData\Roaming\Spotify
2013-07-23 12:15 - 2011-08-02 15:06 - 00003508 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-07-23 12:15 - 2011-08-02 15:06 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-07-23 12:15 - 2011-08-02 15:06 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-23 12:12 - 2013-07-23 12:12 - 01779447 _____ (Farbar) C:\Users\.....\Desktop\FRST64.exe
2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 12:08 - 2009-07-14 06:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 12:06 - 2013-07-23 12:06 - 00001167 _____ C:\Users\.....\Desktop\JRT.txt
2013-07-23 12:04 - 2011-06-19 01:53 - 01282760 _____ C:\Windows\WindowsUpdate.log
2013-07-23 12:02 - 2013-07-23 12:02 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 12:01 - 2013-07-23 12:01 - 00000976 _____ C:\Users\.....\Desktop\AdwCleaner[S3].txt
2013-07-23 12:00 - 2013-06-06 00:08 - 00003205 _____ C:\Windows\setupact.log
2013-07-23 12:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 11:59 - 2013-07-23 11:59 - 00000980 _____ C:\AdwCleaner[S3].txt
2013-07-23 11:59 - 2013-07-23 11:59 - 00000344 _____ C:\AdwCleaner[S2].txt
2013-07-23 11:58 - 2013-07-23 11:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\.....\Desktop\JRT.exe
2013-07-23 11:57 - 2013-07-23 11:57 - 00000860 _____ C:\AdwCleaner[R3].txt
2013-07-23 11:55 - 2011-06-19 11:46 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-23 11:55 - 2011-06-19 11:46 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-23 11:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 02:07 - 2013-06-06 00:07 - 00007536 _____ C:\Windows\PFRO.log
2013-07-22 20:39 - 2013-07-22 20:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 20:31 - 2011-10-20 10:04 - 00000000 ____D C:\Users\.....\AppData\Roaming\Skype
2013-07-22 16:07 - 2013-07-22 16:07 - 00022973 _____ C:\ComboFix.txt
2013-07-22 16:07 - 2013-07-22 15:31 - 00000000 ____D C:\Qoobox
2013-07-22 16:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-22 15:42 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-22 15:41 - 2013-07-22 15:31 - 00000000 ____D C:\Windows\erdnt
2013-07-22 15:37 - 2013-07-22 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-22 15:28 - 2013-07-22 15:28 - 05091940 ____R (Swearware) C:\Users\.....\Desktop\ComboFix.exe
2013-07-22 12:49 - 2013-07-22 12:49 - 00000000 ____D C:\FRST
2013-07-22 12:41 - 2013-02-27 19:23 - 00000000 ____D C:\Users\.....\AppData\Roaming\TS3Client
2013-07-22 10:06 - 2013-07-22 09:17 - 00080682 _____ C:\Users\.....\Downloads\OTL.Txt
2013-07-22 09:49 - 2013-07-22 09:49 - 572914034 _____ C:\Windows\MEMORY.DMP
2013-07-22 09:49 - 2013-07-22 09:49 - 00279016 _____ C:\Windows\Minidump\072213-32339-01.dmp
2013-07-22 09:49 - 2013-07-22 09:49 - 00000000 ____D C:\Windows\Minidump
2013-07-22 09:39 - 2013-07-22 09:39 - 00377856 _____ C:\Users\.....\Downloads\gmer_2.1.19163.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00602112 _____ (OldTimer Tools) C:\Users\.....\Downloads\OTL.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00050477 _____ C:\Users\.....\Downloads\Defogger.exe
2013-07-22 09:09 - 2013-07-22 09:09 - 00000000 _____ C:\Users\.....\defogger_reenable
2013-07-22 09:09 - 2011-07-31 12:45 - 00000000 ____D C:\Users\.....
2013-07-22 09:08 - 2013-07-22 00:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-22 09:07 - 2013-07-22 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\Users\.....\AppData\Local\Conexant
2013-07-21 23:47 - 2013-07-21 23:47 - 00000000 ____D C:\ProgramData\Conexant
2013-07-21 23:27 - 2011-07-31 12:51 - 00001179 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 23:27 - 2011-07-31 12:51 - 00000996 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-21 23:26 - 2013-07-21 23:26 - 00666633 _____ C:\Users\.....\Desktop\adwcleaner06.exe
2013-07-21 23:22 - 2013-07-21 22:41 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-21 22:42 - 2013-07-21 22:42 - 00000000 _____ C:\autoexec.bat
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Users\.....\AppData\Local\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\ProgramData\Cisco
2013-07-21 18:27 - 2013-07-21 18:27 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-21 18:24 - 2013-07-21 18:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 18:24 - 2013-07-21 18:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 18:24 - 2013-07-21 18:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 18:24 - 2012-09-16 09:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 18:24 - 2011-08-22 17:41 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 18:19 - 2011-09-04 20:06 - 00000000 ____D C:\Users\.....\AppData\Local\CrashDumps
2013-07-21 16:01 - 2013-07-21 16:01 - 00000000 ____D C:\Users\.....\AppData\Roaming\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 16:00 - 2013-07-21 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:30 - 2013-02-27 19:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-07-21 15:30 - 2012-12-21 16:13 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-21 15:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-21 08:40 - 2011-08-02 14:53 - 00000000 ____D C:\Users\.....\AppData\Local\Adobe
2013-07-18 23:00 - 2009-07-14 06:45 - 00343688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 15:54 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 15:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 12:29 - 2013-05-31 20:28 - 00000000 ____D C:\Users\.....\AppData\Local\Spotify
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 12:04 - 2013-03-05 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-06 18:46 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part4.rar
2013-07-06 17:59 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part6.rar
2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
2013-07-06 15:31 - 2012-01-06 01:04 - 00000000 ____D C:\Users\.....\.gimp-2.6
2013-07-06 15:30 - 2013-07-06 15:30 - 00000854 _____ C:\Users\.....\.recently-used.xbel
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part3.rar
2013-07-06 14:24 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part2.rar
2013-07-06 13:45 - 2013-07-06 11:33 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part1.rar
2013-07-06 09:31 - 2012-05-07 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 21:10 - 2013-07-05 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 12:38 - 2013-05-31 20:28 - 00001829 _____ C:\Users\.....\Desktop\Spotify.lnk
2013-07-04 12:38 - 2013-05-31 20:28 - 00001815 _____ C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-07-04 12:31 - 2013-07-04 12:31 - 00000355 _____ C:\Users\.....\Documents\Computer - Verknüpfung.lnk
2013-07-04 12:31 - 2012-04-24 09:10 - 00000000 ____D C:\Users\.....\Desktop\Medi-Learn
2013-07-04 12:31 - 2011-10-18 10:53 - 00000000 ____D C:\Users\.....\Documents\WS 11-12
2013-07-01 16:07 - 2012-11-25 13:18 - 00019456 ___SH C:\Users\Public\Documents\Thumbs.db
2013-07-01 16:05 - 2013-07-01 16:07 - 04387328 _____ C:\Users\Public\Documents\Physio.ppt
2013-07-01 16:05 - 2011-08-02 15:06 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-07-01 00:15 - 2013-07-01 16:07 - 04250584 _____ C:\Users\Public\Documents\Physio.odp
2013-06-27 13:38 - 2011-08-02 15:06 - 00004248 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-06-27 12:49 - 2013-05-07 21:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-24 00:57 - 2011-08-02 16:41 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-20 22:34

==================== End Of Log ============================
         
23.07.2013, 19:44   #10
schrauber
/// the machine
/// TB trainer

SecurityCheck acts up sometimes, ESET only finds junk in the temp folders, and Adobe gets flagged simply because it is not up to date; the current version is 11.

Of course, if you download things like this from the net
Quote:
2013-07-06 17:58 - 2013-07-06 15:08 - 524288000 _____ C:\Users\.....\Downloads\One Piece Film Z GER SUB 720p by OnePiece-Tube.part5.rar
an infection is bound to happen.

Here it was only adware junk, so nothing serious. Changing your passwords is still mandatory, though; that is standard after an infection.

Online banking is not safe even on a clean system; it has to be done with at least chipTAN.

Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow it.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

24.07.2013, 09:55   #11
chalmit

Everything is fine, I will take your advice to heart.

Oh, and the ESET detection (JS) is gone after TFC, is that right?

Have a nice day and many thanks!

24.07.2013, 12:38   #12
schrauber
/// the machine
/// TB trainer

Exactly, that is the one TFC deleted. You're welcome.
__________________
Regards,
schrauber

