ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=4a96e529110f9a4bbee8adc0d1f20d10
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-30 08:56:21
# local_time=2011-05-30 10:56:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 80022576 80022576 0 0
# compatibility_mode=5892 16776573 100 100 4010 144305401 0 0
# compatibility_mode=8192 67108863 100 0 148 148 0 0
# scanned=133140
# found=1
# cleaned=0
# scan_time=16307
C:\Users\Johannes\Desktop\Programme\Nero-9.2.6.0_trial.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4a96e529110f9a4bbee8adc0d1f20d10
# engine=14500
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 09:52:07
# local_time=2013-07-23 11:52:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 98 49612 196473766 42361 0
# compatibility_mode=5892 16776574 100 100 24863114 212105855 0 0
# scanned=72852
# found=8
# cleaned=0
# scan_time=3149
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=6EA3497312EEB53D58536D96519FACB620ECEE1A ft=1 fh=f7cbd46de3740e71 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY7RGTSC\WebCakesetup[1]"
sh=DDF2A8596C5075236A89A30998E5A2BAB1B43BEE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\bobiporn_xxx[1].htm"
sh=47C9AC5A041CEE7414DDAD48311BCAF52821DF03 ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.QHC trojan" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\ipe[1].pdf"
sh=6EA3497312EEB53D58536D96519FACB620ECEE1A ft=1 fh=f7cbd46de3740e71 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM4QSLO0\WebCakesetup[1].exe"
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\aypdjoo"
sh=80E4CCF71A0C2ED2AE45826D9E7A1163F4A330F5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\7cc68957-7d9a7615"
sh=C3ABD52B558BDDAA2E6A7BA12A85986FD8152153 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1aa51d9b-4bc4bb91"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4a96e529110f9a4bbee8adc0d1f20d10
# engine=14596
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 11:51:11
# local_time=2013-07-31 01:51:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 98 69781 197172110 62494 0
# compatibility_mode=5892 16776574 100 100 25561458 212804199 0 0
# scanned=168967
# found=2
# cleaned=0
# scan_time=10161
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=DDF2A8596C5075236A89A30998E5A2BAB1B43BEE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\bobiporn_xxx[1].htm"
Results of screen317's Security Check version 0.99.71
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 24
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Mozilla Firefox (3.0.3) Firefox out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 (ATTENTION: FRST version is 27 days old)
Ran by Johannes (administrator) on 31-07-2013 14:16:16
Running from F:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Vimicro) C:\Windows\VM303_STI.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla) C:\Program Files\Mozilla Sunbird\sunbird.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\smartlogon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Johannes\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe" [98304 2008-01-12] ()
HKLM\...\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" [7766016 2008-01-24] ()
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1208320 2008-01-24] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe [47672 2008-09-03] ()
HKLM\...\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) [61440 2005-06-23] (Vimicro)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-10-08] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2356088 2008-11-16] (Adobe Systems Incorporated)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2424192 2011-05-04] (SUPERAntiSpyware.com)
HKCU\...\Run: [Tesseract-OCR] C:\Program Files\Tesseract-OCR\tesseract.exe [x]
HKCU\...\Run: [playum] "C:\Users\Johannes\AppData\Roaming\playum.exe" -autorun [x]
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Johannes\AppData\Roaming\skype.dat <==== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {3AC6FE21-EAE5-4DCD-8E56-F611D028451B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\a6s6u9cc.default
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.rrz.uni-hamburg.de"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "proxy.rrz.uni-hamburg.de"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "proxy.rrz.uni-hamburg.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.rrz.uni-hamburg.de"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.rrz.uni-hamburg.de"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
FF Extension: No Name - C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\a6s6u9cc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CB8002243080929&affID=119357&tsp=4952
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
========================== Services (Whitelisted) =================
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-10-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-10-08] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-06-19] (Cisco Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-10-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-10-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-10-08] (Avira GmbH)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-06-19] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-10-08] (Avira GmbH)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [389788 2005-07-14] (Vimicro Corporation)
S3 appliandMP; system32\DRIVERS\appliand.sys [x]
S3 catchme; \??\C:\Users\Johannes\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-31 14:10 - 2013-07-31 14:10 - 00891098 ____A C:\Users\Johannes\Downloads\SecurityCheck.exe
2013-07-31 10:28 - 2013-07-31 10:45 - 00000000 ____D C:\Users\Johannes\Desktop\USB an Eike
2013-07-23 10:56 - 2013-07-23 10:56 - 02347384 ____A (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_enu.exe
2013-07-23 08:53 - 2013-07-23 08:53 - 01219808 ____A (Farbar) C:\Users\Johannes\Downloads\FRST.exe
2013-07-23 08:47 - 2013-07-23 08:47 - 00000784 ____A C:\Users\Johannes\Desktop\JRT.txt
2013-07-23 08:44 - 2013-07-23 08:44 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 08:28 - 2013-07-23 08:28 - 00004992 ____A C:\AdwCleaner[S1].txt
2013-07-23 08:17 - 2013-07-23 08:17 - 00000000 ____D C:\Users\Johannes\Qtrax
2013-07-23 08:01 - 2013-07-23 08:53 - 00000000 ____D C:\Users\Johannes\Desktop\trojaner
2013-07-20 18:26 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-20 18:26 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-20 18:26 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-20 18:26 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-20 18:26 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-20 18:26 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-20 18:26 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-20 18:26 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-20 18:26 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-20 18:26 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-20 18:26 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-20 18:26 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-20 18:26 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-20 18:26 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-20 18:26 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-20 18:26 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-14 17:52 - 2013-07-14 17:52 - 00000000 ____D C:\Program Files\HP
2013-07-14 17:51 - 2013-04-15 11:49 - 00546304 ____A C:\Windows\System32\HP1006SM.EXE
2013-07-14 17:51 - 2013-04-15 11:49 - 00176128 ____A C:\Windows\System32\HP1006LM.DLL
2013-07-13 09:28 - 2013-06-04 03:50 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-13 09:28 - 2013-06-01 06:06 - 00505344 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-13 09:28 - 2013-05-08 06:04 - 01548288 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-13 09:28 - 2013-04-17 13:28 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-13 09:28 - 2013-04-17 13:28 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-13 09:28 - 2013-04-17 13:28 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-13 09:28 - 2013-04-17 13:28 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-13 09:28 - 2013-04-17 12:34 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-13 09:28 - 2013-04-17 12:33 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-13 09:28 - 2013-04-17 12:14 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-13 09:28 - 2013-04-17 12:10 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-13 09:28 - 2013-04-17 12:10 - 00798208 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-06 11:07 - 2013-07-06 11:07 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders ========
2013-07-31 14:14 - 2010-11-04 21:08 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 14:14 - 2010-11-04 21:08 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 14:10 - 2013-07-31 14:10 - 00891098 ____A C:\Users\Johannes\Downloads\SecurityCheck.exe
2013-07-31 14:08 - 2012-10-12 08:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 14:06 - 2011-06-24 18:06 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Dropbox
2013-07-31 14:01 - 2008-09-02 22:10 - 01778442 ____A C:\Windows\WindowsUpdate.log
2013-07-31 12:54 - 2006-11-02 14:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 12:54 - 2006-11-02 14:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 10:45 - 2013-07-31 10:28 - 00000000 ____D C:\Users\Johannes\Desktop\USB an Eike
2013-07-31 10:24 - 2006-11-02 12:33 - 01601534 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-31 07:31 - 2011-06-24 18:16 - 00000000 ___RD C:\Users\Johannes\Dropbox
2013-07-30 18:24 - 2008-10-17 09:46 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Skype
2013-07-30 18:23 - 2013-06-12 10:02 - 00000000 ____D C:\Program Files\Mozilla Sunbird
2013-07-30 18:22 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-23 11:53 - 2006-11-02 15:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-23 10:56 - 2013-07-23 10:56 - 02347384 ____A (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_enu.exe
2013-07-23 08:53 - 2013-07-23 08:53 - 01219808 ____A (Farbar) C:\Users\Johannes\Downloads\FRST.exe
2013-07-23 08:53 - 2013-07-23 08:01 - 00000000 ____D C:\Users\Johannes\Desktop\trojaner
2013-07-23 08:47 - 2013-07-23 08:47 - 00000784 ____A C:\Users\Johannes\Desktop\JRT.txt
2013-07-23 08:44 - 2013-07-23 08:44 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 08:30 - 2011-05-04 17:34 - 00251274 ____A C:\Windows\PFRO.log
2013-07-23 08:28 - 2013-07-23 08:28 - 00004992 ____A C:\AdwCleaner[S1].txt
2013-07-23 08:28 - 2008-10-14 17:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-23 08:17 - 2013-07-23 08:17 - 00000000 ____D C:\Users\Johannes\Qtrax
2013-07-23 08:17 - 2008-10-11 17:18 - 00000000 ____D C:\users\Johannes
2013-07-22 23:12 - 2008-10-14 20:49 - 00028160 ____A C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-21 23:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-21 21:01 - 2011-04-30 07:12 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-07-21 21:00 - 2006-11-02 14:47 - 00372096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-21 12:09 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-07-20 18:35 - 2008-09-02 22:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-20 18:30 - 2006-11-02 12:24 - 75699896 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-07-20 18:19 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 17:52 - 2013-07-14 17:52 - 00000000 ____D C:\Program Files\HP
2013-07-06 11:07 - 2013-07-06 11:07 - 00000000 ____D C:\FRST
2013-07-06 06:50 - 2008-10-27 21:20 - 00001356 ____A C:\Users\Johannes\AppData\Local\d3d9caps.dat
2013-07-02 14:35 - 2011-05-06 18:13 - 00015229 ____A C:\Windows\setupact.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-30 18:32
==================== End Of Log ============================
No further problems!
Thank you very much!!
Anything else to do?
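The two ESET result sections above use the same detection line layout (`sh=` SHA-1, `ft=`, `fh=`, `vn=` threat name, `ac=` action, `fn=` path), and the FRST log flags a Winlogon `Shell` value that runs `skype.dat` next to `explorer.exe`. The following parser is an added example written for this thread; it is not code from ESET, Farbar or the poster. The field layout of the detection line is inferred from the lines posted above (an assumption about the `version=8` format), and the sample input is copied from those logs with the header trimmed to the keys the example uses. It groups detections by SHA-1, so the quarantined `skype.dat` and the `%TEMP%\aypdjoo` dropper show up as one file under two paths, treats `end=stopped` as an incomplete scan, and lists every Shell entry other than `explorer.exe`.

```python
"""Parse ESET Online Scanner result sections and check FRST Winlogon Shell lines.

Added example for this thread, not code from ESET, Farbar or the poster; the
version=8 field layout (sh=, ft=, fh=, vn=, ac=, fn=) is inferred from the log.
"""
import re
from dataclasses import dataclass, field

# One detection line: SHA-1, file type, file hash, virus name, action code, full path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9a-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"$'
)
# "# key=value" header lines (compatibility_mode repeats; the last one wins).
HEADER_RE = re.compile(r'^#\s*(?P<key>[A-Za-z0-9_.]+)=(?P<value>.*)$')
# FRST prints the Winlogon Shell value after "[Shell] " and may append "<==== ATTENTION".
WINLOGON_SHELL_RE = re.compile(r'Winlogon: \[Shell\] (?P<value>.+?)(?:\s+<====.*)?$')


@dataclass
class Detection:
    sha1: str
    threat: str
    path: str


@dataclass
class EsetScan:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    @property
    def finished(self) -> bool:
        # end=stopped means the scan was aborted, so its detection list is partial.
        return self.header.get("end") == "finished"

    def unique_by_hash(self) -> dict:
        # The same SHA-1 under several paths is one file copied around
        # (dropper in %TEMP%, copy in the quarantine folder, ...).
        paths = {}
        for d in self.detections:
            paths.setdefault(d.sha1, []).append(d.path)
        return paths


def parse_eset_log(text: str) -> list:
    """Split a pasted ESET log into scans; every '# version=' line starts a new one."""
    scans, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# version="):
            current = EsetScan()
            scans.append(current)
        if current is None:
            continue
        m = HEADER_RE.match(line)
        if m:
            current.header[m.group("key")] = m.group("value")
            continue
        m = DETECTION_RE.match(line)
        if m:
            current.detections.append(Detection(m.group("sh").upper(), m.group("vn"), m.group("fn")))
    return scans


def extra_shell_components(frst_line: str) -> list:
    """Return every Winlogon Shell entry other than explorer.exe.

    Winlogon starts each comma-separated entry at logon, so anything appended
    after explorer.exe is persistence running as the logged-on user.
    """
    m = WINLOGON_SHELL_RE.search(frst_line)
    if not m:
        return []
    parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
    return [p for p in parts if p.lower() not in ("explorer.exe", r"c:\windows\explorer.exe")]


# Sample input copied from the logs above (stopped scan of 2013-07-23 and finished
# scan of 2013-07-31); header lines trimmed to the keys this example reads.
SAMPLE_ESET_LOG = r"""
# version=8
# engine=14500
# end=stopped
# found=8
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=6EA3497312EEB53D58536D96519FACB620ECEE1A ft=1 fh=f7cbd46de3740e71 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY7RGTSC\WebCakesetup[1]"
sh=DDF2A8596C5075236A89A30998E5A2BAB1B43BEE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\bobiporn_xxx[1].htm"
sh=47C9AC5A041CEE7414DDAD48311BCAF52821DF03 ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.QHC trojan" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\ipe[1].pdf"
sh=6EA3497312EEB53D58536D96519FACB620ECEE1A ft=1 fh=f7cbd46de3740e71 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM4QSLO0\WebCakesetup[1].exe"
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\aypdjoo"
sh=80E4CCF71A0C2ED2AE45826D9E7A1163F4A330F5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\7cc68957-7d9a7615"
sh=C3ABD52B558BDDAA2E6A7BA12A85986FD8152153 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1aa51d9b-4bc4bb91"
# version=8
# engine=14596
# end=finished
# found=2
sh=D09F5EABBBB8AE7724F0AF988517467A909C1148 ft=1 fh=61741519c2ae5102 vn="a variant of Win32/Kryptik.BFDH trojan" ac=I fn="C:\FRST\Quarantine\skype.dat"
sh=DDF2A8596C5075236A89A30998E5A2BAB1B43BEE ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G46TF9EZ\bobiporn_xxx[1].htm"
"""
SAMPLE_FRST_LINE = r"HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Johannes\AppData\Roaming\skype.dat <==== ATTENTION"


def summarize(text: str = SAMPLE_ESET_LOG) -> list:
    """Per scan: completion state, ESET's found= count, and the distinct hashes behind it."""
    return [{"finished": s.finished, "found": int(s.header.get("found", "0")),
             "unique_hashes": len(s.unique_by_hash())} for s in parse_eset_log(text)]


if __name__ == "__main__":
    for row in summarize():
        print(row)
    print("extra Winlogon shell entries:", extra_shell_components(SAMPLE_FRST_LINE))
```

Two things the summary makes visible that the raw lines hide: the 23 July scan ended with `end=stopped`, so its eight hits are a lower bound, not a full sweep; and the eight hits collapse to six distinct files, because the quarantined `skype.dat` and `%TEMP%\aypdjoo` share a hash. Hash-grouping also tells you which copies are the same dropper when you decide what to delete versus what is already neutralised in `C:\FRST\Quarantine`.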