| |
| |||||||
Log-Analyse und Auswertung: Browser-Hijacking: FBDownloader / Deltasearch / DealplyWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.08.2013, 21:03
| #1 |
| |  Browser-Hijacking: FBDownloader / Deltasearch / Dealply Hallo, vor einiger Zeit habe ich mir den IKEA-Raumplaner heruntergeladen und mir - so scheint es jedenfalls - gleichzeitig den FB Downloader eingefangen. Daraufhin habe ich in verschiedenen Foren gelesen, mir das Programm "adw cleaner" heruntergeladen und die Datein gelöscht. In weiteren logs tauchte "fb downloader" nicht mehr auf, jedoch erschien die Suchmaschine bei jedem neuen Öffnen von Chrome erneut. Im Anschluss ließ ich "hijackthis" scannen, doch auch hier fand sich kein "fb downloader" mehr. Bei dem Versuch, Mozilla Firefox zu installieren, wurde ich - möglicherweise durch "fb downloader" (?) auf eine sehr ähnlich aussehende Seite gelockt. In meinen installierten Programmen fanden sich nun "deltasearch" und "dealply", diese habe ich bereits deinstalliert. Trotzallem öffnet sich "deltasearch" als Suchmaschine, sobald ich Chrome als Browser öffne. Unten findet ihr die aktuellsten logs von "adw cleaner" und "hijackthis". Für schnelle Hilfe wäre ich sehr dankbar  Lieben Gruß ruthiputhi Code:
ATTFilter # AdwCleaner v2.306 - Datei am 15/08/2013 um 21:45:09 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Downloads\adwcleaner(1).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Windows\Tasks\Dealply.job
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\DealPlyLive
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\ProgramData\DealPlyLive
Ordner Gefunden : C:\Users\Jana\AppData\Local\DealPlyLive
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\DealPly
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\8558d8bb26ebe48
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v23.0 (en-US)
Datei : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\zjyvsalc.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v28.0.1500.95
Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.2238] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=CCCB904CE519FA3C&affID=119357&tt=150813_206&tsp=4975",
*************************
AdwCleaner[R1].txt - [7514 octets] - [15/08/2013 11:42:20]
AdwCleaner[R2].txt - [7574 octets] - [15/08/2013 11:50:45]
AdwCleaner[R3].txt - [1019 octets] - [15/08/2013 20:17:59]
AdwCleaner[R4].txt - [1080 octets] - [15/08/2013 20:22:56]
AdwCleaner[R5].txt - [7585 octets] - [15/08/2013 21:45:09]
AdwCleaner[S1].txt - [7534 octets] - [15/08/2013 11:52:21]
AdwCleaner[S2].txt - [1143 octets] - [15/08/2013 20:23:25]
########## EOF - C:\AdwCleaner[R5].txt - [7765 octets] ##########
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:50:08, on 15.08.2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell V505\dldwmon.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Jana\Downloads\HiJackThis204.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Dell V505] "C:\Program Files (x86)\Dell V505\fm3032.exe" /s O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Del2924347] cmd.exe /Q /D /c del "C:\Users\Jana\AppData\Local\Temp\0.del" O4 - HKCU\..\Run: [SSync] "C:\Users\Jana\AppData\Roaming\SSync\SSync.exe" O4 - HKCU\..\Run: [SCheck] "C:\Users\Jana\AppData\Roaming\SCheck\SCheck.exe" check O4 - HKCU\..\Run: [Snoozer] "C:\Users\Jana\AppData\Roaming\Snz\Snz.exe" O4 - HKCU\..\Run: [Intermediate] "C:\Users\Jana\AppData\Roaming\Intermediate\Intermediate.exe" O4 - HKCU\..\RunOnce: [Del2924316] cmd.exe /Q /D /c del "C:\Users\Jana\AppData\Local\Temp\0.del" O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: Dropbox.lnk = Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe O4 - Global Startup: vpngui.exe.lnk = ? O8 - Extra context menu item: &Citavi Picker... - file://C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.dell.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DealPly Live-Dienst (dealplylive) (dealplylive) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe O23 - Service: DealPly Live-Dienst (dealplylivem) (dealplylivem) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe O23 - Service: dldwCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe O23 - Service: dldw_device - - C:\Windows\system32\dldwcoms.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10573 bytes |
|
15.08.2013, 21:16
| #2 |
| /// the machine /// TB-Ausbilder    | Browser-Hijacking: FBDownloader / Deltasearch / Dealply hi,
__________________AdwCleaner auch löschen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
25.08.2013, 18:12
| #3 |
| | Browser-Hijacking: FBDownloader / Deltasearch / DealplyCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.25.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Jana :: JANA-PC [Administrator] Schutz: Aktiviert 25.08.2013 19:00:33 mbam-log-2013-08-25 (19-00-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230854 Laufzeit: 4 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 8 C:\Users\Jana\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 11 C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Local\Temp\is1275519350\2858475_Setup.EXE (PUP.Optional.LyricXeeker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jana\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02 Ran by Jana (administrator) on 25-08-2013 19:08:59 Running from C:\Users\Jana\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Dell V505\dldwmon.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ( ) C:\Windows\system32\dldwcoms.exe (Dropbox, Inc.) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [dldwmon.exe] - C:\Program Files (x86)\Dell V505\dldwmon.exe [677104 2008-06-05] () HKLM\...\Run: [dldwamon] - C:\Program Files (x86)\Dell V505\dldwamon.exe [16624 2008-06-05] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKCU\...\Run: [SSync] - C:\Users\Jana\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [SCheck] - C:\Users\Jana\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [Snoozer] - C:\Users\Jana\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-23] () HKCU\...\Run: [Intermediate] - C:\Users\Jana\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () MountPoints2: {942cd131-8c0e-11e2-9da6-0026b90fe0bc} - E:\iStudio.exe MountPoints2: {c75b7107-e96a-11e2-bf99-0026b90fe0bc} - E:\setup_vmc_lite.exe /checkApplicationPresence MountPoints2: {c75b7195-e96a-11e2-bf99-0026b90fe0bc} - E:\setup_vmc_lite.exe /checkApplicationPresence MountPoints2: {dfbad86d-3ebf-11e2-af9b-0026b90fe0bc} - E:\laucher.exe HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Dell V505] - C:\Program Files (x86)\Dell V505\fm3032.exe [312560 2008-06-05] () HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {F6955CC8-5F25-4F0E-8525-55B6718B904E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=252A2F63-1CC4-4270-B505-BFB69EBBF7A5&apn_sauid=49A75E25-45AB-4FAC-A26E-6381B1FBE38C BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\zjyvsalc.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 CHR RestoreOnStartup: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21" CHR DefaultSearchURL: (Search) - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} CHR DefaultSuggestURL: (Search) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Extension: (Adblock Plus) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0 CHR Extension: (OfferMosquito) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.6.1_0 CHR Extension: (Citavi Picker) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_0 CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software) S2 dldwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [34032 2008-05-16] () R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1041136 2008-05-16] ( ) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-25 18:57 - 2013-08-25 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 18:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-25 18:56 - 2013-08-25 18:57 - 01576630 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe 2013-08-25 18:56 - 2013-08-25 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-16 20:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-16 20:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-16 20:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-16 20:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-16 20:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-16 20:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-16 20:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-16 20:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-16 20:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-16 20:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-16 20:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-16 20:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-16 20:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-16 20:17 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-16 20:17 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-16 20:17 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-16 20:17 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-16 20:17 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-16 20:17 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-16 20:17 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 22:09 - 2013-08-15 22:09 - 00000000 ____D C:\Users\Jana\AppData\Local\Macromedia 2013-08-15 22:08 - 2013-08-25 18:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-15 22:08 - 2013-08-25 18:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-15 22:06 - 2013-08-15 22:06 - 01069032 _____ (Solid State Networks) C:\Users\Jana\Downloads\install_flashplayer11x32_ltr5x64d_awc_aih.exe 2013-08-15 21:50 - 2013-08-15 21:50 - 00010575 _____ C:\Users\Jana\Desktop\hijackthis.log 2013-08-15 21:45 - 2013-08-15 21:45 - 00007834 _____ C:\AdwCleaner[R5].txt 2013-08-15 21:39 - 2013-08-15 21:39 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner(2).exe 2013-08-15 21:39 - 2013-08-15 21:39 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner(1).exe 2013-08-15 21:38 - 2013-08-15 21:38 - 00001120 _____ C:\Users\Jana\Desktop\Continue Zip Opener Installation.lnk 2013-08-15 21:37 - 2013-08-15 21:38 - 00714352 _____ C:\Users\Jana\Downloads\ZipOpenerSetup.exe 2013-08-15 21:17 - 2013-08-15 21:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Users\Jana\AppData\Local\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-15 21:16 - 2013-08-15 21:16 - 00000000 ____D C:\Users\Jana\AppData\Local\avgchrome 2013-08-15 21:15 - 2013-08-15 21:15 - 00281896 _____ (Mozilla) C:\Users\Jana\Downloads\Firefox Setup Stub 23.0.exe 2013-08-15 21:14 - 2013-08-15 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-15 21:13 - 2013-08-15 21:21 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-08-15 21:13 - 2013-08-15 21:13 - 21840856 _____ (Mozilla) C:\Users\Jana\Downloads\Firefox_Setup [1].exe 2013-08-15 21:13 - 2013-08-15 21:13 - 00003222 _____ C:\Windows\System32\Tasks\Dealply 2013-08-15 21:13 - 2013-08-15 21:13 - 00000286 _____ C:\Windows\Tasks\Dealply.job 2013-08-15 21:13 - 2013-08-15 21:13 - 00000000 ____D C:\Users\Jana\AppData\Local\DealPlyLive 2013-08-15 21:12 - 2013-08-15 21:12 - 00000000 ____D C:\ProgramData\Babylon 2013-08-15 21:11 - 2013-08-15 21:12 - 00607368 _____ C:\Users\Jana\Downloads\Firefox_Setup.exe 2013-08-15 21:08 - 2013-08-15 21:08 - 00066181 _____ C:\Users\Jana\Downloads\net-internals-log.json 2013-08-15 20:51 - 2013-08-15 20:56 - 00010373 _____ C:\Users\Jana\Downloads\hijackthis.log 2013-08-15 20:50 - 2013-08-15 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jana\Downloads\HiJackThis204.exe 2013-08-15 20:23 - 2013-08-15 20:23 - 00001143 _____ C:\AdwCleaner[S2].txt 2013-08-15 20:22 - 2013-08-15 20:23 - 00001080 _____ C:\AdwCleaner[R4].txt 2013-08-15 20:17 - 2013-08-15 20:18 - 00001019 _____ C:\AdwCleaner[R3].txt 2013-08-15 20:11 - 2013-08-15 20:12 - 00289798 _____ C:\Users\Jana\Downloads\filsh-0.0.5.crx 2013-08-15 12:11 - 2013-08-15 12:11 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-15 12:10 - 2013-08-15 12:11 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-15 12:10 - 2013-08-15 12:11 - 00000000 ____D C:\Program Files\iTunes 2013-08-15 12:10 - 2013-08-15 12:11 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-08-15 12:10 - 2013-08-15 12:10 - 00000000 ____D C:\Program Files\iPod 2013-08-15 12:03 - 2013-08-15 12:03 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-15 12:03 - 2013-08-15 12:03 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-15 11:52 - 2013-08-15 11:52 - 00007534 _____ C:\AdwCleaner[S1].txt 2013-08-15 11:50 - 2013-08-15 11:51 - 00007574 _____ C:\AdwCleaner[R2].txt 2013-08-15 11:42 - 2013-08-15 11:43 - 00007514 _____ C:\AdwCleaner[R1].txt 2013-08-15 11:41 - 2013-08-15 11:41 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner.exe 2013-08-15 10:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 10:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 10:42 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 10:42 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 10:42 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 10:42 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 10:42 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 10:42 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 10:42 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 10:42 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 10:41 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 10:41 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 10:41 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 10:41 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 10:41 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 10:41 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 10:41 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 10:41 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 10:41 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 10:41 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 10:41 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 10:41 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 10:41 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 10:41 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 10:41 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 10:41 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 10:41 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-15 10:41 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-08-15 10:41 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-08-15 10:41 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-15 10:41 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-08-15 10:41 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-15 10:41 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-08-15 10:41 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-15 10:41 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-15 10:38 - 2013-08-15 23:39 - 00000000 ____D C:\Users\Jana\Desktop\Urlaubsmusik 2013-08-08 11:20 - 2013-08-08 11:20 - 00000000 ____D C:\Users\Jana\AppData\Local\Swiss Academic Software 2013-08-08 11:19 - 2013-08-08 11:21 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Swiss Academic Software 2013-08-08 11:19 - 2013-08-08 11:20 - 00000000 ____D C:\Users\Jana\Documents\Citavi 4 2013-08-08 11:17 - 2013-08-08 11:17 - 00001949 _____ C:\Users\Public\Desktop\Citavi 4.lnk 2013-08-08 11:17 - 2013-08-08 11:17 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-08-08 11:15 - 2013-08-08 11:17 - 00000000 ____D C:\Program Files (x86)\Citavi 4 2013-08-08 11:14 - 2013-08-08 11:14 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations 2013-08-08 11:00 - 2013-08-08 11:04 - 84968424 _____ (Swiss Academic Software) C:\Users\Jana\Downloads\Citavi4Setup.exe 2013-08-08 10:52 - 2013-08-08 10:52 - 00189440 _____ C:\Users\Jana\Downloads\Lieder.ctv4 2013-08-05 11:17 - 2013-08-05 11:47 - 00000000 ____D C:\Users\Public\Documents\Zimmer 2013-07-31 10:38 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-31 10:38 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-31 10:30 - 2013-07-31 10:30 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Snz 2013-07-30 15:59 - 2013-07-30 15:59 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner 2013-07-30 15:46 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-30 15:46 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-30 15:45 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2013-08-25 19:08 - 2013-08-25 19:08 - 00000000 ____D C:\FRST 2013-08-25 19:01 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-25 19:01 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-25 18:57 - 2013-08-25 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Malwarebytes 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 18:57 - 2013-08-25 18:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 18:57 - 2013-08-25 18:56 - 01576630 _____ (Farbar) C:\Users\Jana\Downloads\FRST64.exe 2013-08-25 18:56 - 2013-08-25 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jana\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-25 18:47 - 2013-08-15 22:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-25 18:47 - 2013-08-15 22:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-25 18:47 - 2012-10-15 20:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-25 18:47 - 2012-10-15 20:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-25 18:47 - 2012-10-15 20:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-25 18:16 - 2012-10-15 19:57 - 01396539 _____ C:\Windows\WindowsUpdate.log 2013-08-25 17:11 - 2012-10-15 21:02 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Dropbox 2013-08-25 16:54 - 2012-10-15 21:57 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{26D43684-FD8A-416C-9FAC-074EDE87A16C} 2013-08-25 16:49 - 2012-10-15 21:09 - 00000000 ___RD C:\Users\Jana\Dropbox 2013-08-25 16:45 - 2012-10-15 20:20 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-25 16:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-25 16:45 - 2009-07-14 06:51 - 00046361 _____ C:\Windows\setupact.log 2013-08-25 16:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-08-25 16:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-16 20:03 - 2012-10-16 08:34 - 00012062 _____ C:\Windows\PFRO.log 2013-08-16 20:03 - 2012-10-15 20:20 - 00000000 ____D C:\Program Files\Google 2013-08-16 20:03 - 2012-10-15 20:20 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-15 23:39 - 2013-08-15 10:38 - 00000000 ____D C:\Users\Jana\Desktop\Urlaubsmusik 2013-08-15 22:09 - 2013-08-15 22:09 - 00000000 ____D C:\Users\Jana\AppData\Local\Macromedia 2013-08-15 22:06 - 2013-08-15 22:06 - 01069032 _____ (Solid State Networks) C:\Users\Jana\Downloads\install_flashplayer11x32_ltr5x64d_awc_aih.exe 2013-08-15 21:50 - 2013-08-15 21:50 - 00010575 _____ C:\Users\Jana\Desktop\hijackthis.log 2013-08-15 21:45 - 2013-08-15 21:45 - 00007834 _____ C:\AdwCleaner[R5].txt 2013-08-15 21:39 - 2013-08-15 21:39 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner(2).exe 2013-08-15 21:39 - 2013-08-15 21:39 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner(1).exe 2013-08-15 21:38 - 2013-08-15 21:38 - 00001120 _____ C:\Users\Jana\Desktop\Continue Zip Opener Installation.lnk 2013-08-15 21:38 - 2013-08-15 21:37 - 00714352 _____ C:\Users\Jana\Downloads\ZipOpenerSetup.exe 2013-08-15 21:21 - 2013-08-15 21:13 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-08-15 21:17 - 2013-08-15 21:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Users\Jana\AppData\Local\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-15 21:17 - 2013-08-15 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-15 21:17 - 2013-08-15 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 21:16 - 2013-08-15 21:16 - 00000000 ____D C:\Users\Jana\AppData\Local\avgchrome 2013-08-15 21:15 - 2013-08-15 21:15 - 00281896 _____ (Mozilla) C:\Users\Jana\Downloads\Firefox Setup Stub 23.0.exe 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-15 21:13 - 2013-08-15 21:13 - 21840856 _____ (Mozilla) C:\Users\Jana\Downloads\Firefox_Setup [1].exe 2013-08-15 21:13 - 2013-08-15 21:13 - 00003222 _____ C:\Windows\System32\Tasks\Dealply 2013-08-15 21:13 - 2013-08-15 21:13 - 00000286 _____ C:\Windows\Tasks\Dealply.job 2013-08-15 21:13 - 2013-08-15 21:13 - 00000000 ____D C:\Users\Jana\AppData\Local\DealPlyLive 2013-08-15 21:12 - 2013-08-15 21:12 - 00000000 ____D C:\ProgramData\Babylon 2013-08-15 21:12 - 2013-08-15 21:11 - 00607368 _____ C:\Users\Jana\Downloads\Firefox_Setup.exe 2013-08-15 21:08 - 2013-08-15 21:08 - 00066181 _____ C:\Users\Jana\Downloads\net-internals-log.json 2013-08-15 20:56 - 2013-08-15 20:51 - 00010373 _____ C:\Users\Jana\Downloads\hijackthis.log 2013-08-15 20:51 - 2012-10-15 20:04 - 00000000 ____D C:\Users\Jana\AppData\Local\VirtualStore 2013-08-15 20:50 - 2013-08-15 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jana\Downloads\HiJackThis204.exe 2013-08-15 20:45 - 2012-10-15 20:20 - 00000000 ____D C:\Users\Jana\AppData\Local\Google 2013-08-15 20:45 - 2012-10-15 20:20 - 00000000 ____D C:\ProgramData\Google 2013-08-15 20:42 - 2012-10-17 15:46 - 00000000 ___RD C:\Users\Jana\Documents\Pfadfinder 2013-08-15 20:41 - 2012-10-17 15:48 - 00000000 ____D C:\Users\Jana\Documents\Uni 2013-08-15 20:23 - 2013-08-15 20:23 - 00001143 _____ C:\AdwCleaner[S2].txt 2013-08-15 20:23 - 2013-08-15 20:22 - 00001080 _____ C:\AdwCleaner[R4].txt 2013-08-15 20:18 - 2013-08-15 20:17 - 00001019 _____ C:\AdwCleaner[R3].txt 2013-08-15 20:12 - 2013-08-15 20:11 - 00289798 _____ C:\Users\Jana\Downloads\filsh-0.0.5.crx 2013-08-15 14:31 - 2013-05-26 13:16 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2013-08-15 12:11 - 2013-08-15 12:11 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-15 12:11 - 2013-08-15 12:10 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-15 12:11 - 2013-08-15 12:10 - 00000000 ____D C:\Program Files\iTunes 2013-08-15 12:11 - 2013-08-15 12:10 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-08-15 12:10 - 2013-08-15 12:10 - 00000000 ____D C:\Program Files\iPod 2013-08-15 12:03 - 2013-08-15 12:03 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-15 12:03 - 2013-08-15 12:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-15 12:03 - 2013-08-15 12:03 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-15 12:03 - 2012-11-23 12:52 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-15 12:03 - 2012-11-23 12:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-15 11:52 - 2013-08-15 11:52 - 00007534 _____ C:\AdwCleaner[S1].txt 2013-08-15 11:51 - 2013-08-15 11:50 - 00007574 _____ C:\AdwCleaner[R2].txt 2013-08-15 11:43 - 2013-08-15 11:42 - 00007514 _____ C:\AdwCleaner[R1].txt 2013-08-15 11:41 - 2013-08-15 11:41 - 00666633 _____ C:\Users\Jana\Downloads\adwcleaner.exe 2013-08-15 10:40 - 2012-10-15 21:36 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Spotify 2013-08-15 10:23 - 2012-10-15 21:36 - 00000000 ____D C:\Users\Jana\AppData\Local\Spotify 2013-08-08 11:21 - 2013-08-08 11:19 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Swiss Academic Software 2013-08-08 11:20 - 2013-08-08 11:20 - 00000000 ____D C:\Users\Jana\AppData\Local\Swiss Academic Software 2013-08-08 11:20 - 2013-08-08 11:19 - 00000000 ____D C:\Users\Jana\Documents\Citavi 4 2013-08-08 11:17 - 2013-08-08 11:17 - 00001949 _____ C:\Users\Public\Desktop\Citavi 4.lnk 2013-08-08 11:17 - 2013-08-08 11:17 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2013-08-08 11:17 - 2013-08-08 11:15 - 00000000 ____D C:\Program Files (x86)\Citavi 4 2013-08-08 11:14 - 2013-08-08 11:14 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations 2013-08-08 11:11 - 2012-10-16 05:53 - 00702436 _____ C:\Windows\system32\perfh007.dat 2013-08-08 11:11 - 2012-10-16 05:53 - 00150044 _____ C:\Windows\system32\perfc007.dat 2013-08-08 11:11 - 2009-07-14 07:13 - 01643004 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-08 11:10 - 2013-07-10 18:08 - 01567776 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-08 11:04 - 2013-08-08 11:00 - 84968424 _____ (Swiss Academic Software) C:\Users\Jana\Downloads\Citavi4Setup.exe 2013-08-08 10:52 - 2013-08-08 10:52 - 00189440 _____ C:\Users\Jana\Downloads\Lieder.ctv4 2013-08-06 14:29 - 2013-05-26 13:15 - 00000000 ____D C:\Program Files\My Dell 2013-08-06 14:29 - 2012-10-22 22:46 - 00000000 ____D C:\ProgramData\PCDr 2013-08-05 11:47 - 2013-08-05 11:17 - 00000000 ____D C:\Users\Public\Documents\Zimmer 2013-08-01 11:09 - 2009-07-14 06:45 - 00425104 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-31 18:41 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-31 18:41 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-31 18:41 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-31 10:52 - 2012-10-15 20:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 10:30 - 2013-07-31 10:30 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Snz 2013-07-30 15:59 - 2013-07-30 15:59 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner 2013-07-30 15:43 - 2013-07-19 22:23 - 00000000 ____D C:\Users\Jana\AppData\Local\DTAG 2013-07-30 15:41 - 2012-12-20 10:39 - 00007680 _____ C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-26 07:13 - 2013-08-16 20:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:13 - 2013-08-16 20:17 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-16 20:17 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:12 - 2013-08-16 20:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-16 20:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-16 20:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-16 20:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-16 20:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:35 - 2013-08-16 20:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-16 20:17 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-16 20:17 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-16 20:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-16 20:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-16 20:18 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-16 20:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-16 20:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 05:11 - 2013-08-16 20:17 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 04:49 - 2013-08-16 20:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-16 20:18 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-16 20:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe Files to move or delete: ==================== C:\Users\Jana\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe C:\Users\Jana\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe C:\Users\Jana\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Jana\AppData\Local\Temp\uninst1.exe C:\Users\Jana\AppData\Local\Temp\SDIAG_959d641d-afeb-4c3a-8481-4b91aea9dfb5\DiagPackage.dll C:\Users\Jana\AppData\Local\Temp\SDIAG_959d641d-afeb-4c3a-8481-4b91aea9dfb5\de-DE\DiagPackage.dll.mui C:\Users\Jana\AppData\Local\Temp\nsvCF51.tmp\replacebf.dll C:\Users\Jana\AppData\Local\Temp\nsvCF51.tmp\sqlite3.dll C:\Users\Jana\AppData\Local\Temp\nsvCF51.tmp\uph.dll C:\Users\Jana\AppData\Local\Temp\nsvCF51.tmp\userid.dll C:\Users\Jana\AppData\Local\Temp\nsvCE76.tmp\snz_rt.exe C:\Users\Jana\AppData\Local\Temp\nsqC968.tmp\uph.dll C:\Users\Jana\AppData\Local\Temp\is357113909\distro-amzn-ironsource-rs-2.exe C:\Users\Jana\AppData\Local\Temp\is357113909\OpenItSetup.exe C:\Users\Jana\AppData\Local\Temp\is1275519350\2858383_Setup.EXE C:\Users\Jana\AppData\Local\Temp\is1275519350\dp.exe C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\BExternal.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\BUSolForMontiera.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\ccp.exe C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\ChromeToolbarSetup.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\CrxInstaller.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\enhancedNT.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\GUninstaller.exe C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\IEHelper.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\MntrDLLInstall.dll C:\Users\Jana\AppData\Local\Temp\BF4AEC53-BAB0-7891-A526-04600305B79B\Latest\sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-15 12:31 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2013 02 Ran by Jana at 2013-08-25 19:10:21 Running from C:\Users\Jana\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Advanced Audio FX Engine (x32 Version: 1.12.05) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) avast! Free Antivirus (x32 Version: 7.0.1474.0) Bonjour (Version: 3.0.0.10) Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7) Citavi 4 (x32 Version: 4.1.0.3) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001) Dell Resource CD (x32 Version: 1.00.0000) Dell System Detect (HKCU Version: 3.3.2.0) Dell V505 (x32) Dell Webcam Central (x32 Version: 1.40.05) Dropbox (HKCU Version: 2.0.22) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) iCloud (Version: 2.1.2.8) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) l V505 Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0) Mozilla Maintenance Service (x32 Version: 23.0) My Dell (Version: 3.3.6280.92) Picasa 3 (x32 Version: 3.9) RUBICon (x32 Version: 2.0.25) SCR3xxx Smart Card Reader (x32 Version: 8.40) Skype™ 6.1 (x32 Version: 6.1.129) Spotify (HKCU Version: 0.9.1.57.ge7405149) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 05-08-2013 09:11:06 Windows Update 08-08-2013 09:14:44 Installed Citavi 4. 09-08-2013 09:08:43 Windows Update 15-08-2013 08:35:52 Windows Update 15-08-2013 10:01:57 Installed Java 7 Update 25 15-08-2013 18:30:55 Removed Vodafone Mobile Connect Lite. 15-08-2013 18:35:44 Removed Vodafone Mobile Connect Lite. 15-08-2013 18:38:36 IKEA Home Planner wird entfernt 15-08-2013 18:43:33 Removed ABBYY FineReader 6.0 Sprint 16-08-2013 18:07:27 Windows Update 25-08-2013 14:51:22 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00DA140B-E8C0-4913-B13A-A78C00CBE5F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-18] (PC-Doctor, Inc.) Task: {28AC4CD2-0B28-492E-8977-8475F4F4F8A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) Task: {4787E8A9-8DF1-42F9-B0E0-F5808AEBCDB2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {521834E8-C275-4943-835E-568434C42341} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.) Task: {5324F783-5D72-4DB2-8B82-DB20A8432BA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5D08FF32-8F22-4E04-AD4F-2DDC30B94959} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File Task: {67BB0024-BD2D-4495-BA98-2B85C87C8453} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25] (Adobe Systems Incorporated) Task: {7C3A28BF-FCD7-435F-B213-8B69A07AF3AF} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Dell V505\dldwamon.exe [2008-06-05] () Task: {946A7AEF-CBAA-45BE-A065-BD41019BE402} - System32\Tasks\User_Feed_Synchronization-{26D43684-FD8A-416C-9FAC-074EDE87A16C} => C:\Windows\system32\msfeedssync.exe [2013-07-19] (Microsoft Corporation) Task: {C12CBB97-4924-4513-9887-9A53FE78B5E6} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File Task: {DA03DC81-B691-4F67-A90F-742BB82C07FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) Task: {DD49E304-7D19-404D-85A9-C45EA4CB8C9E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {E50299AF-2F16-4562-BEA0-CE6ACF1FA673} - System32\Tasks\Dealply => C:\Users\Jana\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File Task: {E983C34B-337F-4169-871F-9936996CACC8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-31] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\Jana\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Smartcard Description: Smartcard Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/15/2013 11:31:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/15/2013 11:31:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/15/2013 09:14:25 PM) (Source: MsiInstaller) (User: Jana-PC) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi Error: (08/15/2013 08:38:18 PM) (Source: Microsoft-Windows-RestartManager) (User: Jana-PC) Description: Die Anwendung oder der Dienst "Vodafone Mobile Connect Service" konnte nicht neu gestartet werden. Error: (08/15/2013 08:25:47 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (08/15/2013 00:13:49 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (08/15/2013 11:54:49 AM) (Source: VMCService) (User: ) Description: GetLoggedOnUser Error: (08/15/2013 11:54:46 AM) (Source: VMCService) (User: ) Description: GetLoggedOnUser Error: (08/15/2013 11:54:26 AM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (08/09/2013 04:25:29 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9236 System errors: ============= Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Error: (08/25/2013 05:53:17 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 47. Microsoft Office Sessions: ========================= Error: (06/03/2013 02:41:39 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 3729 seconds with 1080 seconds of active time. This session ended with a crash. Error: (12/19/2012 07:20:51 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22782 seconds with 5880 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4060.86 MB Available physical RAM: 1983.46 MB Total Pagefile: 8119.89 MB Available Pagefile: 5732.68 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:319.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10264032) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Gruß ruhtiputhi Edit: Nach Neustarten des Laptops erscheint erneut die fb downloader Suchmaschine als Startseite. Geändert von ruhtiputhi (25.08.2013 um 18:18 Uhr) |
|
25.08.2013, 20:01
| #4 |
| /// the machine /// TB-Ausbilder | Browser-Hijacking: FBDownloader / Deltasearch / Dealply in welchem Browser? ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Browser-Hijacking: FBDownloader / Deltasearch / Dealply |
| acrobat update, adw cleaner, antivirus, browser, downloader, explorer, hijackthis, hkus\s-1-5-18, homepage, internet browser, internet explorer, plug-in, pup.babylon.a, pup.optional.babsolution.a, pup.optional.babylon.a, pup.optional.datamngr, pup.optional.dealply.a, pup.optional.delta, pup.optional.delta.a, pup.optional.installcore.a, pup.optional.lyricxeeker.a, pup.optional.softonic, registrierungsdatenbank, snoozer, software, suchmaschine, windows |
Linear-Darstellung
