dirk1435 | 20.08.2013 18:37 | Hello,
here are the results:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.20.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Dirk :: HPPAV [Administrator]
Schutz: Aktiviert
20.08.2013 17:27:38
mbam-log-2013-08-20 (17-27-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232948
Laufzeit: 44 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Downloads\SoftonicDownloader_fuer_microsoft-snapshot-viewer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Downloads\winamp5621_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 18:37:30
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dirk - HPPAV
# Running from : C:\Dokumente und Einstellungen\Dirk\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Programme\Ask.com
Folder Deleted : C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\AskToolbar
Folder Deleted : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\19uxv359.Standard-Benutzer\Extensions\toolbar@ask.com
File Deleted : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\19uxv359.Standard-Benutzer\searchplugins\Askcom.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\19uxv359.Standard-Benutzer\prefs.js ]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.FeaturePageVersion", "1");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Programme\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.OOBEVersion", "1");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_18.0.2");
Line Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "^AGS");
Line Deleted : user_pref("extensions.asktb.config-updated", true);
Line Deleted : user_pref("extensions.asktb.crumb", "2013.02.23+04.27.20-toolbar007iad-DE-RnJhbmtmdXJ0IEFtIE1haW4sR2VybWFueQ%3D%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
Line Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=");
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "9c12e83e-2e0d-458a-924b-8e0115d2ea15");
Line Deleted : user_pref("extensions.asktb.hpr", "YES");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1376930280689");
Line Deleted : user_pref("extensions.asktb.locale", "de_DE");
Line Deleted : user_pref("extensions.asktb.localePref", true);
Line Deleted : user_pref("extensions.asktb.location", "Frankfurt Am Main,Germany");
Line Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Deleted : user_pref("extensions.asktb.o", "APN10261");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "4");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "5B2ED17E-1986-46C5-A995-EF86AC9296F9");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "23.02.2013 13:31:03");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.15.26.100015");
Line Deleted : user_pref("extensions.asktb.version", "5.15.26.45268");
Line Deleted : user_pref("extensions.enabledAddons", "2020Player_IKEA%402020Technologies.com:5.0.7.0,moveplayer%40movenetworks.com:1.0.0.071303000004,%7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9,toolbar%40ask.com:[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
[ File : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\j3ubug98.default\prefs.js ]
[ File : C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\slckpkmm.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10279 octets] - [20/08/2013 18:36:29]
AdwCleaner[S0].txt - [10352 octets] - [20/08/2013 18:37:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10413 octets] ##########
Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 18:50:33
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dirk - HPPAV
# Running from : C:\Dokumente und Einstellungen\Dirk\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\19uxv359.Standard-Benutzer\prefs.js ]
[ File : C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\slckpkmm.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [10279 octets] - [20/08/2013 18:36:29]
AdwCleaner[R1].txt - [1055 octets] - [20/08/2013 18:48:14]
AdwCleaner[S0].txt - [10494 octets] - [20/08/2013 18:37:30]
AdwCleaner[S1].txt - [978 octets] - [20/08/2013 18:50:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1037 octets] ##########
Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 19:00:31
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dirk - HPPAV
# Running from : C:\Dokumente und Einstellungen\Dirk\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Profiles\19uxv359.Standard-Benutzer\prefs.js ]
[ File : C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\slckpkmm.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [10279 octets] - [20/08/2013 18:36:29]
AdwCleaner[R1].txt - [1055 octets] - [20/08/2013 18:48:14]
AdwCleaner[R2].txt - [1176 octets] - [20/08/2013 18:59:51]
AdwCleaner[S0].txt - [10494 octets] - [20/08/2013 18:37:30]
AdwCleaner[S1].txt - [1117 octets] - [20/08/2013 18:50:33]
AdwCleaner[S2].txt - [1098 octets] - [20/08/2013 19:00:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1158 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Microsoft Windows XP x86
Ran by Dirk on 20.08.2013 at 19:14:55,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\mozilla\firefox\profiles\19uxv359.Standard-Benutzer\minidumps [9 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.08.2013 at 19:21:16,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 04
Ran by Dirk (administrator) on 20-08-2013 19:25:44
Running from C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Company) C:\WINDOWS\system32\ps2.exe
(ICSI Technology Ltd.) C:\WINDOWS\Dit.exe
(RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
(Nullsoft, Inc.) C:\Programme\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Farbar) C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [UpdateManager] - C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd [x]
HKLM\...\Run: [PS2] - C:\WINDOWS\system32\ps2.exe [81920 2002-10-16] (Hewlett-Packard Company)
HKLM\...\Run: [Dit] - C:\Windows\Dit.exe [86016 2004-04-02] (ICSI Technology Ltd.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [3809280 2004-06-07] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [TkBellExe] - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [180269 2005-05-13] (RealNetworks, Inc.)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [81920 2004-06-07] (NVIDIA Corporation)
HKLM\...\Run: [WinampAgent] - C:\Programme\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\Anke\...\Run: [RecordNow!] - [x]
HKU\Default User\...\Run: [RecordNow!] - [x]
Startup: C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-de8.hpwis.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de8.hpwis.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://srch-de8.hpwis.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU -No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,83/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093366539924
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37961.189537037
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 26 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Firefox\Path=Profiles\19uxv359.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2061 - C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2122 - C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1059 - C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: No Name - C:\Programme\Mozilla Firefox\extensions\Extensions.rdf
FF Extension: No Name - C:\Programme\Mozilla Firefox\extensions\installed-extensions-processed.txt
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-14] (Avira Operations GmbH & Co. KG)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-10-10] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-10-10] (Google Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-17] (Mozilla Foundation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 basic2; C:\Windows\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
R3 CardReaderFilter; C:\WINDOWS\system32\Drivers\USBCRFT.SYS [13440 2013-08-20] (ICSI Technology Ltd.)
R3 cmuda; C:\Windows\System32\drivers\cmuda.sys [784832 2003-12-12] (C-Media Inc)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R2 Fallback; C:\Windows\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [40960 2002-10-29] (VIA Technologies, Inc. )
R2 Fsks; C:\Windows\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
S3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.)
S3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.)
S3 hsf_msft; C:\Windows\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
S3 Intels51; C:\Windows\System32\DRIVERS\ctxs51.sys [638366 2002-07-01] (Intel Corporation)
R2 K56; C:\Windows\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 nvcap; C:\Windows\System32\DRIVERS\nvcap.sys [126878 2003-11-10] ()
R2 NVXBAR; C:\Windows\System32\DRIVERS\NVxbar.sys [13360 2003-11-10] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-03] (Padus, Inc.)
S3 Rksample; C:\Windows\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R2 SoftFax; C:\Windows\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)
R2 Tones; C:\Windows\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
R2 V124; C:\Windows\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S3 winachsf; C:\Windows\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.)
S3 wlags48d; C:\Windows\System32\DRIVERS\wlags48d.sys [153088 2003-07-09] (Agere Systems)
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
NETSVC: Ip6FwHlp -> No Registry Path.
==================== One Month Created Files and Folders ========
2013-08-20 19:14 - 2013-08-20 19:14 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 19:08 - 2013-08-20 19:08 - 00001238 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S2].txt
2013-08-20 18:58 - 2013-08-20 18:58 - 00001117 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S1].txt
2013-08-20 18:47 - 2013-08-20 18:47 - 00010494 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S0]_1.txt
2013-08-20 18:36 - 2013-08-20 19:00 - 00000000 ____D C:\AdwCleaner
2013-08-20 18:34 - 2013-08-20 18:34 - 00975858 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\adwcleaner.exe
2013-08-20 17:08 - 2013-08-20 17:08 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 17:07 - 2013-08-20 17:08 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-08-20 17:07 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-19 23:11 - 2013-08-19 23:11 - 00010186 _____ C:\ComboFix.txt
2013-08-19 21:28 - 2004-11-05 19:57 - 00000211 _____ C:\Boot.bak
2013-08-19 21:27 - 2013-08-19 21:28 - 00000000 _RSHD C:\cmdcons
2013-08-19 21:27 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2013-08-19 21:24 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-19 21:24 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-19 21:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-19 21:24 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-19 21:23 - 2013-08-19 23:11 - 00000000 ____D C:\Qoobox
2013-08-19 21:23 - 2013-08-19 21:23 - 00000000 ___RD C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Verwaltung
2013-08-19 21:22 - 2013-08-19 23:08 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-19 20:44 - 2013-08-19 20:44 - 00026041 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\FRST.txt
2013-08-19 20:43 - 2013-08-19 20:43 - 00032888 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\Addition.txt
2013-08-19 20:39 - 2013-08-19 20:39 - 00000000 ____D C:\FRST
2013-08-19 19:04 - 2013-08-19 19:05 - 00000470 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\defogger_disable.log
2013-08-17 12:18 - 2013-08-18 11:22 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-15 20:40 - 2013-08-19 22:49 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-08-14 10:14 - 2013-08-14 10:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-14 10:13 - 2013-08-14 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 10:13 - 2013-08-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 10:13 - 2013-08-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 10:12 - 2013-08-14 10:12 - 00005344 _____ C:\WINDOWS\KB2863058.log
2013-08-14 10:12 - 2013-08-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 10:12 - 2013-08-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 07:51 - 2013-08-14 10:14 - 00014684 _____ C:\WINDOWS\KB2862772.log
2013-08-14 07:51 - 2013-08-14 10:13 - 00010366 _____ C:\WINDOWS\KB2850869.log
2013-08-14 07:50 - 2013-08-14 10:13 - 00011111 _____ C:\WINDOWS\KB2859537.log
2013-07-30 18:58 - 2013-07-30 18:58 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
==================== One Month Modified Files and Folders =======
2013-08-20 19:21 - 2013-08-20 19:21 - 00001126 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\JRT.txt
2013-08-20 19:14 - 2013-08-20 19:14 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 19:08 - 2013-08-20 19:08 - 00001238 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S2].txt
2013-08-20 19:07 - 2004-08-26 08:32 - 00004412 _____ C:\WINDOWS\system32\nvapps.xml
2013-08-20 19:07 - 2004-08-24 19:13 - 00013440 _____ (ICSI Technology Ltd.) C:\WINDOWS\system32\Drivers\USBCRFT.SYS
2013-08-20 19:06 - 2003-06-27 15:43 - 00000190 ___SH C:\Dokumente und Einstellungen\LocalService\ntuser.ini
2013-08-20 19:06 - 2003-06-27 15:43 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-08-20 19:05 - 2004-08-24 18:55 - 01274871 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 19:02 - 2010-10-10 10:19 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 19:02 - 2003-06-27 15:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 19:01 - 2003-06-27 15:43 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 19:00 - 2013-08-20 18:36 - 00000000 ____D C:\AdwCleaner
2013-08-20 18:58 - 2013-08-20 18:58 - 00001117 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S1].txt
2013-08-20 18:56 - 2003-06-27 15:22 - 00001230 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 18:48 - 2010-10-10 10:19 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 18:47 - 2013-08-20 18:47 - 00010494 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\AdwCleaner[S0]_1.txt
2013-08-20 18:41 - 2013-03-16 09:39 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-20 18:39 - 2004-11-05 17:24 - 00000190 ___SH C:\Dokumente und Einstellungen\Dirk\ntuser.ini
2013-08-20 18:39 - 2003-06-27 16:35 - 00000214 _____ C:\WINDOWS\wiadebug.log
2013-08-20 18:38 - 2004-11-05 17:24 - 00000000 ____D C:\Dokumente und Einstellungen\Dirk
2013-08-20 18:37 - 2003-06-27 16:33 - 00000000 ___RD C:\Programme
2013-08-20 18:35 - 2003-06-27 16:35 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-20 18:34 - 2013-08-20 18:34 - 00975858 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\adwcleaner.exe
2013-08-20 18:32 - 2013-02-23 14:48 - 00000000 ____D C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\CallingID
2013-08-20 18:15 - 2003-06-27 17:30 - 00000000 ____D C:\WINDOWS\Connection Wizard
2013-08-20 17:08 - 2013-08-20 17:08 - 00000760 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 17:08 - 2013-08-20 17:07 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-08-19 23:11 - 2013-08-19 23:11 - 00010186 _____ C:\ComboFix.txt
2013-08-19 23:11 - 2013-08-19 21:23 - 00000000 ____D C:\Qoobox
2013-08-19 23:08 - 2013-08-19 21:22 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-19 22:54 - 2003-06-27 15:22 - 00000227 _____ C:\WINDOWS\system.ini
2013-08-19 22:49 - 2013-08-15 20:40 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-08-19 21:56 - 2003-06-27 17:30 - 00000000 ____D C:\WINDOWS\Help
2013-08-19 21:28 - 2013-08-19 21:27 - 00000000 _RSHD C:\cmdcons
2013-08-19 21:28 - 2003-06-27 15:23 - 00000327 __RSH C:\boot.ini
2013-08-19 21:23 - 2013-08-19 21:23 - 00000000 ___RD C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Verwaltung
2013-08-19 21:23 - 2004-11-05 17:24 - 00000000 ___RD C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme
2013-08-19 21:22 - 2003-06-27 15:37 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-08-19 20:44 - 2013-08-19 20:44 - 00026041 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\FRST.txt
2013-08-19 20:43 - 2013-08-19 20:43 - 00032888 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\Addition.txt
2013-08-19 20:39 - 2013-08-19 20:39 - 00000000 ____D C:\FRST
2013-08-19 19:05 - 2013-08-19 19:04 - 00000470 _____ C:\Dokumente und Einstellungen\Dirk\Desktop\defogger_disable.log
2013-08-18 19:54 - 2012-04-27 19:06 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-18 11:22 - 2013-08-17 12:18 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-15 20:38 - 2013-02-23 14:45 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-15 17:05 - 2003-06-27 15:38 - 00000000 ____D C:\WINDOWS\Registration
2013-08-14 11:14 - 2003-06-27 15:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-14 10:18 - 2013-08-14 10:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-14 10:14 - 2013-08-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 10:14 - 2013-08-14 07:51 - 00014684 _____ C:\WINDOWS\KB2862772.log
2013-08-14 10:14 - 2011-11-11 14:46 - 00449885 _____ C:\WINDOWS\setupapi.log
2013-08-14 10:14 - 2005-08-12 20:00 - 01297485 _____ C:\WINDOWS\ocgen.log
2013-08-14 10:14 - 2005-08-12 20:00 - 01036201 _____ C:\WINDOWS\tsoc.log
2013-08-14 10:14 - 2005-08-12 20:00 - 00884405 _____ C:\WINDOWS\comsetup.log
2013-08-14 10:14 - 2005-08-12 20:00 - 00536693 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-14 10:14 - 2005-08-12 20:00 - 00431019 _____ C:\WINDOWS\iis6.log
2013-08-14 10:14 - 2005-05-11 17:00 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-14 10:14 - 2005-04-14 17:02 - 00245986 _____ C:\WINDOWS\updspapi.log
2013-08-14 10:14 - 2003-06-27 16:33 - 03182516 _____ C:\WINDOWS\FaxSetup.log
2013-08-14 10:14 - 2003-06-27 16:33 - 00169015 _____ C:\WINDOWS\ocmsn.log
2013-08-14 10:14 - 2003-06-27 16:33 - 00159409 _____ C:\WINDOWS\msgsocm.log
2013-08-14 10:14 - 2003-06-27 16:33 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-14 10:13 - 2013-08-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 10:13 - 2013-08-14 10:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 10:13 - 2013-08-14 07:51 - 00010366 _____ C:\WINDOWS\KB2850869.log
2013-08-14 10:13 - 2013-08-14 07:50 - 00011111 _____ C:\WINDOWS\KB2859537.log
2013-08-14 10:13 - 2003-06-27 16:33 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-14 10:12 - 2013-08-14 10:12 - 00005344 _____ C:\WINDOWS\KB2863058.log
2013-08-14 10:12 - 2013-08-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 10:12 - 2013-08-14 10:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 10:12 - 2007-02-14 16:54 - 00887648 _____ C:\WINDOWS\system32\TZLog.log
2013-08-14 10:09 - 2003-06-27 16:33 - 01030582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-12 22:01 - 2007-06-23 15:05 - 00000000 ____D C:\Dokumente und Einstellungen\Dirk\Eigene Dateien\Dienststücke
2013-07-30 18:58 - 2013-07-30 18:58 - 00001891 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-07-25 10:13 - 2011-06-21 20:18 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-07-25 10:13 - 2011-06-16 12:44 - 00852992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-07-25 10:13 - 2009-10-29 07:24 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdc.ocx
2013-07-25 10:13 - 2008-06-26 10:12 - 01510400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shdocvw.dll
2013-07-25 10:13 - 2008-06-26 10:12 - 00629760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-07-25 10:13 - 2008-04-21 08:42 - 00674304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-07-25 10:13 - 2004-02-06 18:07 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-25 10:13 - 2004-01-21 19:24 - 01510400 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-07-25 10:13 - 2004-01-21 19:24 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-25 10:13 - 2003-06-27 15:22 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2013-07-25 10:13 - 2003-06-27 15:22 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-07-25 10:12 - 2010-11-05 07:04 - 00532480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-07-25 10:12 - 2010-09-09 16:17 - 00449536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-07-25 10:12 - 2010-03-10 06:33 - 01025024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\browseui.dll
2013-07-25 10:12 - 2010-02-26 07:41 - 00251904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-07-25 10:12 - 2009-02-20 10:09 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2013-07-25 10:12 - 2008-04-21 08:42 - 03113984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-07-25 10:12 - 2004-08-04 09:57 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2013-07-25 10:12 - 2004-07-07 18:58 - 03113984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-25 10:12 - 2004-01-21 19:24 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\browseui.dll
2013-07-25 10:12 - 2003-06-27 15:22 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-07-25 10:12 - 2003-06-27 15:22 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-07-25 10:12 - 2003-06-27 15:22 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-07-25 09:26 - 2004-08-04 09:42 - 00371200 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2003-05-29 12:48] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2003-06-27 15:22] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2003-06-27 15:22] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2003-06-27 15:22] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2003-06-27 15:22] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2003-06-27 15:22] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2003-06-27 15:22] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Hopefully I did everything right. ;-)
Regards & have a nice evening
Dirk |