
Log analysis and evaluation: Opened UPS phishing mail and clicked on link

26.03.2015, 22:56   #16
ga-bwler
 
Opened UPS phishing mail and clicked on link



Code:
# AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 22:37:39
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-26.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Benutzername : Schüle - SCHÜLE-LAPTOP
# Gestarted von : C:\Users\Schüle\Eigene Dateien\Downloads\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\DM
Ordner Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\SweetIM
[!] Ordner Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v

[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlday", "15611");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlref", "MON00015");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.421:27:59");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "{e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1,ffxtlbra@softonic.com:1.6.0,{317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.9.1,plugin@yontoo.com:1.20.02,{EEE6C361-61[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "0a25c89b-5b73-4b82-89a3-7372d00d315c");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={D3107344-3C9C-11E2-9702-00238B2DD3EE}&src=2&crg=3.1010006.10028&q=");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010006.10028");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{D3107344-3C9C-11E2-9702-00238B2DD3EE}");
[0lr49b7r.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [19293 Bytes] - [13/07/2014 14:27:07]
AdwCleaner[R1].txt - [13530 Bytes] - [26/03/2015 22:12:47]
AdwCleaner[S0].txt - [14194 Bytes] - [26/03/2015 22:37:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14254  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Schle on 26.03.2015 at 22:46:32,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Schle\AppData\Roaming\flexnet"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2015 at 22:49:15,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Schüle at 2015-03-26 22:54:19
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Amicron-Faktura 11.0 © Amicron Software (HKLM\...\Amicron-Faktura 11.0) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Comodo BackUp (HKLM\...\Comodo BackUp) (Version: 1.0.4.337 - COMODO)
DELISprint (HKLM\...\{9480CCD5-BB18-4DF3-AB18-04198B30DD62}) (Version: 5.6.7.0 - DPD)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Firebird 2.5.2.26540 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
InfoBibliothek (HKLM\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version:  - Akademische Arbeitsgemeinschaft)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MPM (HKLM\...\{7ABD82AD-E13E-4673-A450-0890D43C8F9D}) (Version: 1.00.0000 - Hewlett-Packard)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Nuance PDF Converter 7 (HKLM\...\{667014DE-A731-4487-9650-BD864C536F4F}) (Version: 7.00.2000 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version:  - hxxp://www.PDFExcelConverter.com)
Profi cash (HKLM\...\Profi cash) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5680 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Converter (Version:  - ) Hidden
Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Steuersparer 2010 (HKLM\...\{9B954367-8314-4E94-9FFC-D6EFF7C6B674}) (Version: 17.00.6531 - Buhl Data Service GmbH)
Steuersparer 2011 (HKLM\...\{538E852C-1064-46EF-9B24-6EC9B1494792}) (Version: 18.00.6933 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.01.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.11.0000 - Akademische Arbeitsgemeinschaft Verlag)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{68213E0D-E2B5-43D8-9683-080885FB7E24}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-768814543-1293272205-1146082735-1000_Classes\CLSID\{F4F55570-2FF4-444F-9851-E04BA4E4B524}\InprocServer32 -> No File Path

==================== Restore Points  =========================

22-03-2015 21:47:19 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.6 by SweetPacks
22-03-2015 21:53:24 Revo Uninstaller's restore point - SweetPacks bundle uninstaller
22-03-2015 21:56:47 Revo Uninstaller's restore point - Update Manager for SweetPacks 1.1
22-03-2015 21:59:06 Revo Uninstaller's restore point - Yontoo 1.10.03
24-03-2015 23:14:23 Removed Apple Software Update
24-03-2015 23:16:39 Removed Apple Mobile Device Support
24-03-2015 23:17:54 Removed Apple Application Support (32-Bit)
24-03-2015 23:24:02 Removed iTunes

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {171DF220-EF09-449C-8AA2-BB5DF0D5E2F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)
Task: {22B8F97D-5736-4520-9C6B-67C75987854C} - System32\Tasks\{743FC91F-421D-4A8B-BACA-40B6CBC289E5} => pcalua.exe -a c:\Users\Schüle\Documents\Downloads\amicron-faktura11(2).exe
Task: {4C7044E2-6D55-4F72-8668-4F71B6BFA3BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {4F4BF66C-98F3-4BDD-A82E-BF2768473BB7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schüle => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {534DF986-986C-4568-85A6-245C4D6E03C8} - System32\Tasks\{A1B029EC-5A50-478D-A54D-9810DC94C25D} => pcalua.exe -a C:\PROGRA~1\AMICRO~1.0\UNWISE.EXE -c C:\PROGRA~1\AMICRO~1.0\Install.log
Task: {66197C39-E854-490C-B9B5-3E82B27101FB} - System32\Tasks\{88C66690-BBA1-4297-A840-26D69C048E4A} => pcalua.exe -a C:\Users\Schüle\Downloads\setup_kadmos_irfanview_de.exe -d C:\Users\Schüle\Downloads
Task: {91062CE2-CC24-442B-827A-EE9B2F8EB474} - System32\Tasks\{4CE875CE-371C-4A2B-A945-F691B3351578} => pcalua.exe -a "C:\Users\Schüle\Eigene Dateien\Downloads\AF11-Setup.exe" -d "C:\Users\Schüle\Eigene Dateien\Downloads"
Task: {9EB265ED-B122-4E5C-9779-3E4B51B2BC5E} - System32\Tasks\{62413CF2-5EBD-4C71-88C5-8A493C2D3E1D} => pcalua.exe -a "C:\Program Files\Oberon Media\eMachines\Uninstall.exe" -c "C:\Program Files\Oberon Media\eMachines\install.log"
Task: {D01C3D6B-91E9-444C-BE2C-7D3E7E848B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 20:05 - 2014-09-10 16:24 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files\Common Files\AAV\aavus.exe
2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-03-06 11:15 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-03-06 11:15 - 2009-03-06 11:15 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-03-06 11:15 - 2009-03-06 11:15 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-07-29 12:55 - 2008-07-29 12:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-01-09 19:18 - 2009-01-09 19:18 - 00139264 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
2008-07-29 12:59 - 2008-07-29 12:59 - 00165376 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
2011-08-28 22:19 - 2011-08-28 22:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-22 10:50 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img33.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-768814543-1293272205-1146082735-500 - Administrator - Disabled)
Gast (S-1-5-21-768814543-1293272205-1146082735-501 - Limited - Disabled)
Schüle (S-1-5-21-768814543-1293272205-1146082735-1000 - Administrator - Enabled) => C:\Users\Schüle

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-26 22:54:11.631
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:54:11.350
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:54:11.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:54:10.773
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:51.407
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:51.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:50.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:50.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:50.065
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-26 22:53:49.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 44%
Total physical RAM: 2813.5 MB
Available physical RAM: 1569.78 MB
Total Pagefile: 5863.44 MB
Available Pagefile: 4658.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:42.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 26-03-2015 22:53:02
Running from C:\Users\Schüle\Eigene Dateien\Downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Common Files\AAV\aavus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\trash [2013-05-11]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-05-08]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-08-28]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\ffxtlbra@softonic.com [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\plugin@yontoo.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)
R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 22:49 - 2015-03-26 22:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt
2015-03-25 09:12 - 2015-03-25 09:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt
2015-03-25 06:22 - 2015-03-25 06:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp
2015-03-24 23:54 - 2015-03-24 23:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp
2015-03-24 23:14 - 2015-03-24 23:14 - 00000000 ____D () C:\OETemp
2015-03-24 21:04 - 2015-03-24 21:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-24 21:03 - 2015-03-25 06:25 - 00000000 ____D () C:\EEK
2015-03-24 01:09 - 2015-03-24 01:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp
2015-03-23 22:32 - 2015-03-25 00:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 22:32 - 2015-03-25 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 22:31 - 2015-03-23 22:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 17:30 - 2015-03-23 17:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp
2015-03-22 22:01 - 2015-03-23 22:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar
2015-03-22 21:43 - 2015-03-24 23:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 21:37 - 2015-03-22 21:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp
2015-03-19 22:33 - 2015-03-24 23:35 - 00000000 ____D () C:\Program Files\Avira
2015-03-19 22:17 - 2015-03-19 22:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini
2015-03-19 20:50 - 2015-03-19 20:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt
2015-03-19 20:50 - 2015-03-19 20:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt#
2015-03-19 20:16 - 2015-03-19 20:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt
2015-03-19 16:22 - 2015-03-26 22:53 - 00000000 ____D () C:\FRST
2015-03-19 16:18 - 2015-03-19 16:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 14:22 - 2015-03-23 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 13:33 - 2015-03-19 13:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 16:12 - 2015-03-14 16:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 11:58 - 2015-03-13 11:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 15:11 - 2015-03-07 20:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 20:34 - 2015-03-07 20:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 15:10 - 2015-03-07 15:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 10:54 - 2015-03-05 10:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 05:48 - 2015-03-03 05:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 22:47 - 2013-05-22 12:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 22:46 - 2014-07-13 14:27 - 00000000 ____D () C:\AdwCleaner
2015-03-26 22:46 - 2009-03-06 11:09 - 01767466 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 22:42 - 2011-11-28 14:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-26 22:41 - 2014-06-09 22:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-26 22:41 - 2013-05-22 12:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 22:41 - 2010-08-14 19:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-03-26 22:41 - 2009-03-06 11:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-03-26 22:41 - 2008-09-11 01:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-26 22:41 - 2008-01-21 03:47 - 00328482 _____ () C:\Windows\PFRO.log
2015-03-26 22:41 - 2006-11-02 14:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 22:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 22:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 22:35 - 2012-04-20 08:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 19:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2015-03-25 06:22 - 2010-12-17 14:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 06:22 - 2010-12-17 14:30 - 382524070 _____ () C:\Windows\MEMORY.DMP
2015-03-24 23:35 - 2009-04-25 21:25 - 00000000 ____D () C:\Program Files\Hardcopy
2015-03-24 23:27 - 2015-02-19 16:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-24 23:19 - 2009-05-13 21:52 - 00000000 ____D () C:\ProgramData\Apple
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 20:42 - 2008-09-11 00:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-19 16:18 - 2009-04-11 21:55 - 00000000 ____D () C:\Users\Schüle
2015-03-18 15:10 - 2010-08-05 19:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-15 19:10 - 2010-01-19 22:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 17:52 - 2010-07-29 21:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 11:58 - 2014-02-15 16:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 06:26 - 2008-09-11 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 21:09 - 2006-11-02 13:52 - 00115692 _____ () C:\Windows\setupact.log
2015-03-09 21:07 - 2015-01-17 19:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 15:54 - 2012-06-28 20:24 - 00000000 ____D () C:\ProgramData\firebird

==================== Files in the root of some directories =======

2011-04-27 17:58 - 2014-03-25 21:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 20:22 - 2014-06-08 21:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 21:41 - 2015-01-18 11:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 21:04 - 2014-05-01 22:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2015-03-19 22:17 - 2015-03-19 22:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
2010-08-14 19:32 - 2015-03-26 22:41 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 19:34 - 2015-03-18 15:10 - 0027934 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Schüle\AppData\Local\Temp\avgnt.exe
C:\Users\Schüle\AppData\Local\Temp\avguidx.dll
C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply363d.dll
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe
C:\Users\Schüle\AppData\Local\Temp\Quarantine.exe
C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\sqlite3.dll
C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\ytb.exe
C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 22:48

==================== End Of Log ============================
         

27.03.2015, 18:36   #17
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?

27.03.2015, 21:45   #18
ga-bwler

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 22  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (36.0.4) 
 Mozilla Thunderbird (31.1.2) 
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

28.03.2015, 12:26   #19
schrauber
/// the machine
/// TB trainer

and the rest?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

30.03.2015, 21:23   #20
ga-bwler

So, here is the rest

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 22  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (36.0.4) 
 Mozilla Thunderbird (31.1.2) 
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
I had to split the ESET log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46300e66831f0449a60830bc26b54045
# engine=23136
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-29 01:30:52
# local_time=2015-03-29 03:30:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 227232 515424 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 226752943 265168580 0 0
# scanned=149423
# found=0
# cleaned=0
# scan_time=4843
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46300e66831f0449a60830bc26b54045
# engine=23136
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-29 01:30:52
# local_time=2015-03-29 03:30:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 227232 515424 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 226752943 265168580 0 0
# scanned=149423
# found=0
# cleaned=0
# scan_time=4843
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46300e66831f0449a60830bc26b54045
# engine=23139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-29 06:20:03
# local_time=2015-03-29 08:20:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 248182 532774 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 226773893 265185930 0 0
# scanned=6637
# found=0
# cleaned=0
# scan_time=203
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46300e66831f0449a60830bc26b54045
# engine=23142
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-29 08:00:59
# local_time=2015-03-29 10:00:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 254239 538831 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 226779950 265191987 0 0
# scanned=9394
# found=2
# cleaned=0
# scan_time=1597
sh=96FB715EC6A545CA86FACD8BAF12D432D49ACA80 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi"
sh=F711D2AA2F4CC4C6DA8C668A566152517DA39F1B ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi"
         
The computer crashed every time ESET checked the file
Users\...\AppData\Local\Temp\~DFF99B.tpm.
I then excluded this folder from the scan. That way the scan could be completed.
The file, however, is from 2009.
When scanning this file, Avast shows me the following error:
Die Anforderung konnte wegen eines E/A Gerätefehlers nicht ausgeführt werden (1117)

Otherwise I would say that the computer crashes quickly and takes a long time to boot until the programs are ready.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 29-03-2015 22:47:17
Running from c:\Users\Schüle\eigene dateien\downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\AAV\aavus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Farbar) C:\Users\Schüle\Documents\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-768814543-1293272205-1146082735-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml [2010-07-03]
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-03-29]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2015-03-29]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-27]
FF Extension: PDF Converter 7.0 - C:\Program Files\Nuance\PDF Converter 7\FireFox [2014-09-22]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-27] (Avast Software)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-27] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-27] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-27] (Avast Software)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 22:45 - 2015-03-29 22:45 - 00001214 _____ () C:\Users\Schüle\Desktop\checkup.txt
2015-03-29 22:19 - 2015-03-29 22:19 - 00000000 ____D () C:\Program Files\ESET
2015-03-29 22:15 - 2015-03-29 22:15 - 00003094 _____ () C:\Users\Schüle\Desktop\eset2.txt
2015-03-29 22:15 - 2015-03-29 22:15 - 00000783 _____ () C:\Windows\NTIWVEDT.INI
2015-03-29 18:52 - 2015-03-29 18:52 - 00142656 _____ () C:\Windows\Minidump\Mini032915-01.dmp
2015-03-29 15:55 - 2015-03-29 15:55 - 00000955 _____ () C:\Users\Schüle\Desktop\eset1.txt
2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-27 00:35 - 2015-03-27 00:35 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 00:35 - 2015-03-27 00:35 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-27 00:27 - 2015-03-27 00:29 - 00000607 _____ () C:\Windows\wininit.ini
2015-03-27 00:24 - 2015-03-27 00:27 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-27 00:24 - 2015-03-27 00:24 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\AVAST Software
2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-27 00:23 - 2015-03-27 00:23 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-27 00:23 - 2015-03-27 00:23 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-27 00:23 - 2015-03-27 00:23 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-27 00:20 - 2015-03-27 00:20 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-27 00:19 - 2015-03-27 00:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-27 00:07 - 2015-03-27 00:07 - 00139552 _____ () C:\Windows\Minidump\Mini032615-01.dmp
2015-03-26 23:49 - 2015-03-26 23:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt
2015-03-25 10:12 - 2015-03-25 10:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt
2015-03-25 07:22 - 2015-03-25 07:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp
2015-03-25 00:54 - 2015-03-25 00:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp
2015-03-25 00:14 - 2015-03-25 00:14 - 00000000 ____D () C:\OETemp
2015-03-24 22:04 - 2015-03-24 22:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-24 22:03 - 2015-03-25 07:25 - 00000000 ____D () C:\EEK
2015-03-24 02:09 - 2015-03-24 02:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp
2015-03-23 23:32 - 2015-03-25 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:32 - 2015-03-25 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 23:31 - 2015-03-23 23:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 18:30 - 2015-03-23 18:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp
2015-03-22 23:01 - 2015-03-23 23:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar
2015-03-22 22:43 - 2015-03-25 00:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 22:37 - 2015-03-22 22:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp
2015-03-19 23:33 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files\Avira
2015-03-19 23:17 - 2015-03-19 23:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini
2015-03-19 21:50 - 2015-03-19 21:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt
2015-03-19 21:50 - 2015-03-19 21:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt#
2015-03-19 21:16 - 2015-03-19 21:16 - 00036873 _____ () C:\Users\Schüle\Desktop\FRST.txt
2015-03-19 17:22 - 2015-03-29 22:47 - 00000000 ____D () C:\FRST
2015-03-19 17:18 - 2015-03-19 17:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 15:22 - 2015-03-23 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 14:33 - 2015-03-19 14:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 17:12 - 2015-03-14 17:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 12:58 - 2015-03-13 12:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 16:11 - 2015-03-07 21:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 16:11 - 2015-03-07 21:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 21:34 - 2015-03-07 21:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 16:10 - 2015-03-07 16:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 11:54 - 2015-03-05 11:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 06:48 - 2015-03-03 06:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 22:46 - 2013-05-22 13:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 22:42 - 2008-01-21 09:16 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 22:39 - 2009-03-06 12:09 - 01875925 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 22:36 - 2011-11-28 15:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-29 22:35 - 2014-06-09 23:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-29 22:35 - 2013-05-22 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 22:35 - 2010-08-14 20:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-03-29 22:35 - 2009-03-06 12:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-03-29 22:35 - 2008-09-11 02:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-29 22:35 - 2008-01-21 04:47 - 00330448 _____ () C:\Windows\PFRO.log
2015-03-29 22:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 22:35 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 22:35 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 21:35 - 2012-04-20 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 18:52 - 2010-12-17 15:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 18:52 - 2010-12-17 15:30 - 355437222 _____ () C:\Windows\MEMORY.DMP
2015-03-28 01:44 - 2006-11-02 15:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 22:41 - 2013-08-21 21:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-27 22:24 - 2014-10-08 22:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-27 00:39 - 2008-09-11 02:02 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-27 00:38 - 2009-04-17 22:46 - 00000000 ____D () C:\Users\Schüle\AppData\Local\Adobe
2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Adobe
2015-03-27 00:35 - 2012-09-09 19:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-27 00:29 - 2014-10-27 23:16 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Dropbox
2015-03-26 23:46 - 2014-07-13 15:27 - 00000000 ____D () C:\AdwCleaner
2015-03-25 20:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2015-03-25 00:35 - 2009-04-25 22:25 - 00000000 ____D () C:\Program Files\Hardcopy
2015-03-25 00:27 - 2015-02-19 17:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-25 00:19 - 2009-05-13 22:52 - 00000000 ____D () C:\ProgramData\Apple
2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-19 17:18 - 2009-04-11 22:55 - 00000000 ____D () C:\Users\Schüle
2015-03-18 16:10 - 2010-08-05 20:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-15 20:10 - 2010-01-19 23:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 18:52 - 2010-07-29 22:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 12:58 - 2014-02-15 17:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 07:26 - 2008-09-11 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 22:09 - 2006-11-02 14:52 - 00115692 _____ () C:\Windows\setupact.log
2015-03-09 22:07 - 2015-01-17 20:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 16:54 - 2012-06-28 21:24 - 00000000 ____D () C:\ProgramData\firebird

==================== Files in the root of some directories =======

2011-04-27 18:58 - 2014-03-25 22:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 21:22 - 2014-06-08 22:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 22:41 - 2015-01-18 12:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 22:04 - 2014-05-01 23:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2015-03-19 23:17 - 2015-03-19 23:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
2010-08-14 20:32 - 2015-03-29 22:35 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 20:34 - 2015-03-18 16:10 - 0027934 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Schüle\AppData\Local\Temp\avgnt.exe
C:\Users\Schüle\AppData\Local\Temp\avguidx.dll
C:\Users\Schüle\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpong9iw.dll
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Schüle\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Schüle\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Schüle\AppData\Local\Temp\oi_{0206E94C-54DA-4383-8329-E6D830949908}.exe
C:\Users\Schüle\AppData\Local\Temp\Quarantine.exe
C:\Users\Schüle\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Schüle\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\sqlite3.dll
C:\Users\Schüle\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Schüle\AppData\Local\Temp\ytb.exe
C:\Users\Schüle\AppData\Local\Temp\{FDAEB69C-C89A-407F-AEF2-707495603B7A}-21.0.1180.83_21.0.1180.79_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-29 22:41

==================== End Of Log ============================
         


Alt 31.03.2015, 05:26   #21
schrauber
/// the machine
/// TB-Ausbilder
 




Update Java and Adobe.
Update Windows, 6 years of updates are missing there!!!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi

C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 31.03.2015, 22:15   #22
ga-bwler
 



OK, the updates are done.

Attached is the log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Schüle at 2015-03-31 23:00:25 Run:1
Running from c:\Users\Schüle\eigene dateien\downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi

C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi
Emptytemp:
*****************

C:\Users\Schüle\Documents\Downloads\wz175-32gev.msi => Moved successfully.
C:\Users\Schüle\Documents\Downloads\wz180gev-32.msi => Moved successfully.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:06:07 ====
         

Alt 01.04.2015, 08:52   #23
schrauber
/// the machine
/// TB-Ausbilder
 




Fresh FRST log, please. Any more problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 02.04.2015, 07:20   #24
ga-bwler
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Schüle (administrator) on SCHÜLE-LAPTOP on 01-04-2015 19:47:34
Running from c:\Users\Schüle\eigene dateien\downloads
Loaded Profiles: Schüle (Available profiles: Schüle)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\AAV\aavus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(COMODO) C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-13] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Converter 7\RegistryController.exe [121120 2010-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance PDF Converter 7-reminder] => C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-06] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\...\MountPoints2: {d5797571-7152-11df-b752-00238b2dd3ee} - F:\InstallTomTomHOME.exe
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=emg620
HKU\S-1-5-21-768814543-1293272205-1146082735-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-24] (RealPlayer)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
Toolbar: HKU\S-1-5-21-768814543-1293272205-1146082735-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default
FF Homepage: http.www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-24] (RealNetworks, Inc.)
FF Extension: SeoQuake - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-03-29]
FF Extension: Page Speed - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2015-03-29]
FF Extension: Firebug - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schüle\AppData\Roaming\Mozilla\Firefox\Profiles\0lr49b7r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-09-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-07-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-27]
FF Extension: PDF Converter 7.0 - C:\Program Files\Nuance\PDF Converter 7\FireFox [2014-09-22]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-27] (Avast Software)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [1023488 2009-04-25] (COMODO) [File not signed]
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-03-24] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-27] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-27] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-03-24] (Emsisoft GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-23] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-29] (Malwarebytes Corporation)
R3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [75776 2007-02-12] (Prolific Technology Inc.) [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-27] (Avast Software)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 18:47 - 2012-06-03 00:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-01 18:47 - 2012-06-03 00:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-01 18:47 - 2012-06-03 00:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-01 18:47 - 2012-06-03 00:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-01 18:47 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-01 18:47 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-31 22:49 - 2015-03-31 22:49 - 00000000 ____D () C:\ProgramData\APN
2015-03-31 22:46 - 2015-03-31 22:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-31 22:46 - 2015-03-31 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-31 22:46 - 2015-03-31 22:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-31 22:45 - 2015-03-31 22:53 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-31 22:30 - 2015-03-31 22:30 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-31 22:19 - 2015-03-31 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-31 22:18 - 2015-03-31 22:18 - 00000000 ____D () C:\ProgramData\Skype
2015-03-31 22:18 - 2015-03-31 22:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-31 22:15 - 2010-12-18 08:27 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-31 22:15 - 2010-12-18 08:26 - 01210880 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-31 22:15 - 2010-12-18 08:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-31 22:15 - 2010-12-18 08:23 - 05961216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-31 22:15 - 2010-12-18 08:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-03-31 22:15 - 2010-12-18 08:23 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-31 22:15 - 2010-12-18 08:23 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-31 22:15 - 2010-12-18 08:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 11080704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 01991680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-31 22:15 - 2010-12-18 08:22 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-31 22:15 - 2010-12-18 08:22 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-31 22:15 - 2010-12-18 07:25 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-31 22:15 - 2010-12-18 06:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-31 22:15 - 2010-12-18 06:48 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-31 22:15 - 2010-12-18 06:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-31 22:15 - 2010-12-18 06:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-31 22:12 - 2009-03-08 13:34 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-31 22:12 - 2009-03-08 13:34 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\WinFXDocObj.exe
2015-03-31 22:12 - 2009-03-08 13:34 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-31 22:12 - 2009-03-08 13:34 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-31 22:12 - 2009-03-08 13:33 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-31 22:12 - 2009-03-08 13:33 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-31 22:12 - 2009-03-08 13:33 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2015-03-31 22:12 - 2009-03-08 13:33 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2015-03-31 22:12 - 2009-03-08 13:33 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\PDMSetup.exe
2015-03-31 22:12 - 2009-03-08 13:33 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-31 22:12 - 2009-03-08 13:33 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-31 22:12 - 2009-03-08 13:33 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\SetDepNx.exe
2015-03-31 22:12 - 2009-03-08 13:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-03-31 22:12 - 2009-03-08 13:32 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-31 22:12 - 2009-03-08 13:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2015-03-31 22:12 - 2009-03-08 13:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2015-03-31 22:12 - 2009-03-08 13:32 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-31 22:12 - 2009-03-08 13:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2015-03-31 22:12 - 2009-03-08 13:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-31 22:12 - 2009-03-08 13:31 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-31 22:12 - 2009-03-08 13:31 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-31 22:12 - 2009-03-08 13:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-31 22:12 - 2009-03-08 13:31 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-31 22:12 - 2009-03-08 13:31 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-31 22:12 - 2009-03-08 13:31 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-31 22:12 - 2009-03-08 13:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-31 22:12 - 2009-03-08 13:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-31 22:12 - 2009-03-08 13:22 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-31 22:12 - 2009-03-08 13:11 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-31 22:12 - 2009-02-07 06:07 - 03698584 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\vi-VN
2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\eu-ES
2015-03-31 21:50 - 2015-03-31 21:51 - 00000000 ____D () C:\Windows\system32\ca-ES
2015-03-31 21:21 - 2015-03-31 21:21 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-03-29 22:45 - 2015-03-29 22:45 - 00001214 _____ () C:\Users\Schüle\Desktop\checkup.txt
2015-03-29 22:19 - 2015-03-29 22:19 - 00000000 ____D () C:\Program Files\ESET
2015-03-29 22:15 - 2015-03-29 22:15 - 00003094 _____ () C:\Users\Schüle\Desktop\eset2.txt
2015-03-29 22:15 - 2015-03-29 22:15 - 00000783 _____ () C:\Windows\NTIWVEDT.INI
2015-03-29 18:52 - 2015-03-29 18:52 - 00142656 _____ () C:\Windows\Minidump\Mini032915-01.dmp
2015-03-29 15:55 - 2015-03-29 15:55 - 00000955 _____ () C:\Users\Schüle\Desktop\eset1.txt
2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-27 00:39 - 2015-03-27 00:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-27 00:35 - 2015-03-27 00:35 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 00:35 - 2015-03-27 00:35 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-27 00:27 - 2015-03-27 00:29 - 00000607 _____ () C:\Windows\wininit.ini
2015-03-27 00:24 - 2015-03-27 00:27 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-27 00:24 - 2015-03-27 00:24 - 00001831 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\AVAST Software
2015-03-27 00:24 - 2015-03-27 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-27 00:23 - 2015-03-27 00:23 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-27 00:23 - 2015-03-27 00:23 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-27 00:23 - 2015-03-27 00:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-27 00:23 - 2015-03-27 00:23 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-27 00:20 - 2015-03-27 00:20 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-27 00:19 - 2015-03-27 00:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-27 00:07 - 2015-03-27 00:07 - 00139552 _____ () C:\Windows\Minidump\Mini032615-01.dmp
2015-03-26 23:49 - 2015-03-26 23:49 - 00000939 _____ () C:\Users\Schüle\Desktop\JRT.txt
2015-03-25 10:12 - 2015-03-25 10:12 - 00001886 _____ () C:\Users\Schüle\Desktop\a2scan_150325-063559 bericht.txt
2015-03-25 07:22 - 2015-03-25 07:22 - 00142656 _____ () C:\Windows\Minidump\Mini032515-01.dmp
2015-03-25 00:54 - 2015-03-25 00:54 - 00142656 _____ () C:\Windows\Minidump\Mini032415-02.dmp
2015-03-25 00:14 - 2015-03-25 00:14 - 00000000 ____D () C:\OETemp
2015-03-24 22:04 - 2015-03-24 22:04 - 00000693 _____ () C:\Users\Schüle\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-24 22:03 - 2015-03-25 07:25 - 00000000 ____D () C:\EEK
2015-03-24 02:09 - 2015-03-24 02:09 - 00142608 _____ () C:\Windows\Minidump\Mini032415-01.dmp
2015-03-23 23:32 - 2015-03-29 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-23 23:32 - 2015-03-29 22:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:31 - 2015-03-23 23:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 18:30 - 2015-03-23 18:30 - 00142608 _____ () C:\Windows\Minidump\Mini032315-01.dmp
2015-03-22 23:01 - 2015-03-23 23:31 - 00000000 ____D () C:\Users\Schüle\Desktop\mbar
2015-03-22 22:43 - 2015-03-25 00:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 22:37 - 2015-03-22 22:37 - 00138976 _____ () C:\Windows\Minidump\Mini032215-01.dmp
2015-03-19 23:33 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files\Avira
2015-03-19 23:17 - 2015-03-19 23:17 - 00005115 _____ () C:\ProgramData\N360BUOptions.ini
2015-03-19 21:50 - 2015-03-19 21:50 - 00014681 _____ () C:\Users\Schüle\Desktop\gamer.txt
2015-03-19 21:50 - 2015-03-19 21:50 - 00000104 ____H () C:\Users\Schüle\Desktop\.~lock.gamer.txt#
2015-03-19 21:16 - 2015-03-29 22:48 - 00034040 _____ () C:\Users\Schüle\Desktop\FRST.txt
2015-03-19 17:22 - 2015-04-01 19:47 - 00000000 ____D () C:\FRST
2015-03-19 17:18 - 2015-03-19 17:18 - 00000000 _____ () C:\Users\Schüle\defogger_reenable
2015-03-19 15:22 - 2015-03-23 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 14:33 - 2015-03-19 14:33 - 00138976 _____ () C:\Windows\Minidump\Mini031915-01.dmp
2015-03-14 17:12 - 2015-03-14 17:12 - 00138200 _____ () C:\Windows\Minidump\Mini031415-01.dmp
2015-03-13 12:58 - 2015-03-13 12:58 - 00015810 _____ () C:\Users\Schüle\Desktop\haushaltshilfen 2014.odt
2015-03-08 16:11 - 2015-03-07 21:58 - 00013171 _____ () C:\Users\Schüle\Documents\SDK%20Julia%20Schüle%20%202011%20Heilpraktiker.odt_0.odt
2015-03-08 16:11 - 2015-03-07 21:58 - 00012352 _____ () C:\Users\Schüle\Documents\BKK%20Schmidt%20Haushaltshilfe.odt_0.odt
2015-03-07 21:34 - 2015-03-07 21:34 - 00000152 ____H () C:\Users\Schüle\Desktop\.~lock.BKK Schmidt Haushaltshilfe.odt#
2015-03-07 16:10 - 2015-03-07 16:10 - 00014154 _____ () C:\Users\Schüle\Desktop\BKK Schmidt Haushaltshilfe.odt
2015-03-05 11:54 - 2015-03-05 11:54 - 00138976 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-03 06:48 - 2015-03-03 06:48 - 00138976 _____ () C:\Windows\Minidump\Mini030315-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 19:46 - 2013-05-22 13:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 19:46 - 2009-03-06 12:09 - 01075513 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 19:35 - 2012-04-20 09:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 19:04 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-04-01 18:50 - 2008-01-21 09:16 - 00005552 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 18:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-01 18:43 - 2011-11-28 15:35 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-01 18:42 - 2014-06-09 23:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-01 18:42 - 2013-05-22 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 18:42 - 2010-08-14 20:32 - 00027934 _____ () C:\ProgramData\nvModes.001
2015-04-01 18:42 - 2009-03-06 12:16 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-04-01 18:42 - 2008-09-11 02:01 - 00000147 _____ () C:\Windows\system32\agent.log
2015-04-01 18:42 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 18:42 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 18:42 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 01:02 - 2006-11-02 15:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 23:07 - 2014-10-08 22:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-31 23:07 - 2008-01-21 04:47 - 00333676 _____ () C:\Windows\PFRO.log
2015-03-31 22:55 - 2012-04-20 09:14 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-31 22:55 - 2012-04-20 09:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-31 22:45 - 2011-05-07 21:15 - 00000000 ____D () C:\Program Files\Java
2015-03-31 22:43 - 2012-09-09 19:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-31 22:42 - 2014-10-08 22:06 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-31 22:42 - 2014-10-08 22:06 - 00001792 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-03-31 22:42 - 2010-12-23 00:38 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-31 22:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-31 22:30 - 2010-01-19 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-31 22:24 - 2009-04-11 22:57 - 00000951 _____ () C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 22:00 - 2009-04-11 22:56 - 00000917 _____ () C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-03-31 21:56 - 2006-11-02 14:47 - 00323488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 21:51 - 2008-01-21 09:15 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2015-03-31 21:51 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Movie Maker
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\th-TH
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\SLUI
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\it-IT
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\he-IL
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\et-EE
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\el-GR
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\IME
2015-03-31 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-31 21:49 - 2008-09-11 01:40 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-03-31 21:49 - 2006-11-02 14:52 - 00133904 _____ () C:\Windows\setupact.log
2015-03-30 20:44 - 2010-08-05 20:34 - 00027934 _____ () C:\ProgramData\nvModes.dat
2015-03-29 18:52 - 2010-12-17 15:31 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 18:52 - 2010-12-17 15:30 - 355437222 _____ () C:\Windows\MEMORY.DMP
2015-03-27 22:41 - 2013-08-21 21:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-27 00:39 - 2008-09-11 02:02 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-27 00:38 - 2009-04-17 22:46 - 00000000 ____D () C:\Users\Schüle\AppData\Local\Adobe
2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-27 00:38 - 2008-09-11 02:02 - 00000000 ____D () C:\Program Files\Adobe
2015-03-27 00:29 - 2014-10-27 23:16 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\Dropbox
2015-03-26 23:46 - 2014-07-13 15:27 - 00000000 ____D () C:\AdwCleaner
2015-03-25 20:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2015-03-25 00:35 - 2009-04-25 22:25 - 00000000 ____D () C:\Program Files\Hardcopy
2015-03-25 00:27 - 2015-02-19 17:57 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-25 00:19 - 2009-05-13 22:52 - 00000000 ____D () C:\ProgramData\Apple
2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-20 21:42 - 2008-09-11 01:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-19 17:18 - 2009-04-11 22:55 - 00000000 ____D () C:\Users\Schüle
2015-03-15 20:10 - 2010-01-19 23:23 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\vlc
2015-03-15 18:52 - 2010-07-29 22:19 - 00000000 ____D () C:\Users\Schüle\AppData\Roaming\dvdcss
2015-03-13 12:58 - 2014-02-15 17:53 - 00000000 ____D () C:\Users\Schüle\Desktop\Julia
2015-03-13 07:26 - 2008-09-11 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 22:07 - 2015-01-17 20:19 - 00000000 ____D () C:\Users\Schüle\Desktop\ebay 17.01.15
2015-03-08 16:54 - 2012-06-28 21:24 - 00000000 ____D () C:\ProgramData\firebird

==================== Files in the root of some directories =======

2011-04-27 18:58 - 2014-03-25 22:41 - 0001164 _____ () C:\Users\Schüle\AppData\Local\crc32list11.txt
2010-05-11 21:22 - 2014-06-08 22:16 - 0000680 _____ () C:\Users\Schüle\AppData\Local\d3d9caps.dat
2009-08-08 22:41 - 2015-01-18 12:04 - 0084992 _____ () C:\Users\Schüle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-11 22:04 - 2014-05-01 23:58 - 0004929 _____ () C:\ProgramData\hpzinstall.log
2015-03-19 23:17 - 2015-03-19 23:17 - 0005115 _____ () C:\ProgramData\N360BUOptions.ini
2010-08-14 20:32 - 2015-04-01 18:42 - 0027934 _____ () C:\ProgramData\nvModes.001
2010-08-05 20:34 - 2015-03-30 20:44 - 0027934 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-01 19:03

==================== End Of Log ============================
         
I think the computer is behaving normally again.

02.04.2015, 19:59   #25
schrauber
/// the machine
/// TB trainer
 


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used and the quarantine of our scanners, clears the Java cache and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left afterwards, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in old versions of these are exploited to install malware via "drive-by" when you merely visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
