| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: neue Tabs mit Werbung in Google ChromeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.09.2013, 05:55
| #1 |
 |  neue Tabs mit Werbung in Google Chrome Hallo! Bei der Suche nach der Lösung meines Problems bin ich auf einen anderen Thread hier gestossen und wollte dort eigentlich antworten. Ich sah dann aber einen Hinweis, dass ich ein eigenes Thema eröffnen soll, was ich hiermit tue: Wenn ich länger nicht am PC bin und ich wieder komme, dann habe ich im Chrome meistens einen neuen Tab mit irgendeiner Werbung (zb. dass irgendwelche Dateien infiziert sind etc., oben aber eindeutig Links im Adressfenster zu dubiosen Seiten). Ich habe sämtliche Erweiterungen deaktiviert und weiß nun nicht mehr weiter. Dass ich illegale Software auf meinem PC habe, wäre mir nicht bekannt, ich habe ihn auch erst seit kurzem in Betrieb. Jedenfalls besuchte ich wissentlich noch keine Seiten, wo ich irgendwas illegales hätte runterladen wollen. Nun habe ich bereits die Anleitung aus dem anderen Thread befolgt und bin beim Punkt die Logfile hier aufzulisten. Ich habe hoffentlich nix falsch gemacht, bei mir sind die enorm gross -.- Code:
ATTFilter OTL Extras logfile created on: 07.09.2013 06:28:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gabriela\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,46 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 53,23% Memory free
6,92 Gb Paging File | 3,85 Gb Available in Paging File | 55,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 56,67 Gb Free Space | 58,03% Space Free | Partition Type: NTFS
Drive D: | 51,51 Gb Total Space | 44,61 Gb Free Space | 86,61% Space Free | Partition Type: NTFS
Drive E: | 32,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 97,65 Gb Total Space | 53,73 Gb Free Space | 55,03% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,74 Gb Free Space | 97,76% Space Free | Partition Type: NTFS
Drive P: | 195,31 Gb Total Space | 191,70 Gb Free Space | 98,15% Space Free | Partition Type: NTFS
Drive R: | 292,97 Gb Total Space | 280,77 Gb Free Space | 95,84% Space Free | Partition Type: NTFS
Drive S: | 48,83 Gb Total Space | 43,10 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
Drive U: | 100,00 Mb Total Space | 39,49 Mb Free Space | 39,49% Space Free | Partition Type: NTFS
Drive V: | 97,66 Gb Total Space | 71,96 Gb Free Space | 73,69% Space Free | Partition Type: NTFS
Computer Name: GABRIELA-PC | User Name: Gabriela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0960C59D-8D44-490F-ACFF-EDBCAA788BF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1555B431-D86A-466A-B0B5-00EA418F5405}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C3F91D3-9BE8-4670-B584-191562C05D90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{428A940A-6087-4735-A9E0-4BFC2625AEF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58014824-DFE1-4EC7-9100-EE5A3A9C4F5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5975C795-53C2-482B-AE8F-011DD636ED42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D482791-B90B-4E3D-A039-EBEE58C35CBE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{79AF5ED0-9E7C-4FE2-A077-1DA5387CF7E3}" = lport=139 | protocol=6 | dir=in | app=system |
"{87770BB6-0289-4F7F-BAE8-6E4D65A8BB8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9506FD03-F3A3-4FED-A397-DF4CD8058CEC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{967228C6-DF1C-4616-B5AB-CE7A8580F11F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4F946B1-5AEE-480C-8DFB-13CE8EB6AEA0}" = lport=137 | protocol=17 | dir=in | app=system |
"{A510354A-F64C-45D3-BA19-A6C21726CE61}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA3024E4-7B6A-4F24-93B1-141943BFA3B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEFCE2B7-19F5-4FB0-9967-EE8CE07C221F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B43AF6DC-44F2-4D97-A644-E6025BDF316A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B47C1204-38BF-46D4-93CC-C59A0303CA8D}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3895219-9267-4274-A189-492D9B0081C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4011088-0AF8-4432-B56F-01A2D95D8C5F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E20EF042-24E4-42CE-B259-0B1610C8554A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEF6637B-BF52-49A5-B7AF-FA7EA75D3DB0}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13518798-D14A-4542-8564-4207EFBE36E3}" = protocol=17 | dir=in | app=p:\spamihilator\cdcc.exe |
"{3AAEDFC3-0AC1-4584-A031-DC728EE6C137}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B64202D-1885-4AF2-94BC-5D989B9BC140}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3C96907D-C0CA-4380-ACF5-8D0411AA516F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E848B83-2007-448D-AA8B-3F877C3BEC12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54B7449D-873B-47C9-A6F8-C7672EE57178}" = protocol=6 | dir=in | app=p:\spamihilator\dccproc.exe |
"{606461B9-2994-4AF6-9726-783DCBF5A02D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6300EF98-F753-4AAD-A167-A647A9D98A8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77534A23-8078-41D1-9572-321ACBFA281C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{783C9FE4-2053-4476-9878-C5262E3070C3}" = protocol=17 | dir=in | app=p:\spamihilator\spamihilator.exe |
"{78E074B7-0719-4AE5-99AD-4E0BEBF2AD99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7E073E6F-687E-4D5E-A00E-10CF7C485FD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EA4C7F9-1F38-4942-8CB8-BA45B7D9A4FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{86EB25C2-2E6C-4A5E-9FB9-599584FD4880}" = protocol=6 | dir=in | app=p:\spamihilator\spamihilator.exe |
"{87E247BE-FD07-4D61-AD4A-D41A4C8A217D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9073E3B4-B87C-4541-A9EE-AD5FF2704CE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9466CA56-69B5-47D4-8AEA-6C495E83EA84}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A0CA206-2DE9-48C3-BCFD-15F166525E2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9C676ADF-D3B0-48C9-B414-3F341955705D}" = protocol=6 | dir=in | app=p:\spamihilator\cdcc.exe |
"{A1C6F271-E382-413D-9F27-92B1042FB32F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8B701A0-EC2C-417D-A109-410189AEDB15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B2003FF5-9B1D-44D7-8CDB-9B6D9CCB71B6}" = protocol=17 | dir=in | app=p:\spamihilator\dccproc.exe |
"{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C453E57E-8B27-4897-982A-DBE4961C21F0}" = protocol=6 | dir=out | app=system |
"{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D1F5EB6E-5E23-4366-910E-B0D882117CFC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E28EF5E9-49A0-4D12-8DCC-A57DE223A3CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E67C92FB-8A88-427A-87E1-102DB7F7019A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7A6AB4C-C65C-4889-92A6-B8DC2332B315}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EA651A48-C106-40CB-B6AD-C77746D2D3C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB5DA29D-6691-4050-9BF7-F858EB0A65FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4C575AE-374C-4947-8105-FC51EBAB558F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F61E734A-919A-408C-9AAC-2BC23D022337}" = protocol=6 | dir=in | app=c:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe |
"{FBDDE6BC-EE48-4EA5-869A-48E74D2690B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEB6082A-A84F-4658-A958-69CCF5A040DA}" = protocol=17 | dir=in | app=c:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{520E81B0-E915-499E-98C8-E5A9BD058805}C:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{93B9AA98-C225-4E52-A3C6-0A9BD8430515}P:\spamihilator\dccproc.exe" = protocol=6 | dir=in | app=p:\spamihilator\dccproc.exe |
"UDP Query User{4D0D7120-C8FB-4EC4-B0AB-18F985361B78}P:\spamihilator\dccproc.exe" = protocol=17 | dir=in | app=p:\spamihilator\dccproc.exe |
"UDP Query User{D368F0AF-365F-461F-ABA9-13739867D39A}C:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gabriela\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13FA8663-C576-9585-8C63-9DF9C1A9015C}" = AMD Accelerated Video Transcoding
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{327B64E9-2718-68F9-833D-3F9498FF1D11}" = AMD Media Foundation Decoders
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7296C445-3261-4BDD-D1DC-2AE5171F660E}" = AMD Catalyst Install Manager
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E43D07E-9B86-F0B7-37CE-51DBBB47BE46}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E0E3D24-7670-3166-8FC4-791C179ACC2A}" = AMD Fuel
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF2ADE6E-7ECD-3C68-FC6A-DBE300EACD94}" = AMD AVIVO64 Codecs
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F41AB554-F6BF-8870-49E5-A3971302348D}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1126B2F9-C545-C5B6-0EEA-5737E846238C}" = CCC Help Norwegian
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E75A0E0-E9D8-2851-861B-7E2C79B1CCFC}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206E912D-9E59-43C2-3FD1-9A9916B28922}" = CCC Help English
"{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{22970329-0551-ED14-67A5-63BAC01038BC}" = Catalyst Control Center Localization All
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}" = Spamihilator 1.5.0 (32-Bit)
"{2C734E02-FF96-40D6-58B4-6C24752B4BCB}" = CCC Help Dutch
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34ADE596-AB21-9BFA-9FBE-28F81AD4165C}" = AMD VISION Engine Control Center
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{454B35B8-C4D3-FD8D-9BCB-A13F3AA6FE8B}" = CCC Help Swedish
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6929916A-7285-B3D1-AD79-3C42332358F1}" = Catalyst Control Center InstallProxy
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{759959C2-B093-8CBB-1274-9FB426882C56}" = CCC Help French
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{8578664C-F9AB-43E4-49A6-8B8F4C1D8C02}" = CCC Help Danish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8823A2D4-7B81-9830-9265-E2816A1753BD}" = CCC Help Finnish
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin N300 Micro USB Wireless Adapter
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B42C2678-7933-3040-B07C-4C4604277206}" = CCC Help Japanese
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E79E408F-87E6-801E-2C36-CCF18681B759}" = CCC Help Italian
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EC62C6DB-8E3F-F60F-8735-B5318B1C20AB}" = CCC Help German
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0559C5E-7912-4391-B1A0-6B975F0E5064}" = watchmi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free Studio_is1" = Free Studio version 2013
"Ge org Internet Manager" = Ge org Internet Manager
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Paint Shop Pro 5.01" = Paint Shop Pro 5.01 CD
"PCSUITE_SHREDDER_PRO_is1" = PCSUITE SHREDDER
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2949166557-3930466050-1292464765-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Audio Converter
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2013 18:50:25 | Computer Name = Gabriela-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
kl2. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 24.01.2013 18:50:25 | Computer Name = Gabriela-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
Kaspersky Lab Driver. System Error: Das System kann die angegebene Datei nicht finden.
.
Error - 24.01.2013 18:50:25 | Computer Name = Gabriela-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
Kaspersky Lab KLMOUFLT. System Error: Das System kann die angegebene Datei nicht
finden. .
Error - 03.03.2013 04:13:16 | Computer Name = Gabriela-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 03.03.2013 04:13:17 | Computer Name = Gabriela-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 04.04.2013 03:58:10 | Computer Name = Gabriela-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Paint Shop Pro.exe, Version: 8.0.3.0,
Zeitstempel: 0x3f0af660 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0xc0000002 Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0x01ce3109a461feb8 Pfad der
fehlerhaften Anwendung: P:\Jasc Paint Shop Pro 8\Paint Shop Pro.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 63dd9076-9cfd-11e2-8e47-ab12d7b6865d
Error - 20.07.2013 04:18:19 | Computer Name = Gabriela-PC | Source = Google Update | ID = 20
Description =
Error - 20.07.2013 04:21:16 | Computer Name = Gabriela-PC | Source = Google Update | ID = 20
Description =
Error - 23.08.2013 13:25:50 | Computer Name = Gabriela-PC | Source = Google Update | ID = 20
Description =
Error - 03.09.2013 13:14:46 | Computer Name = Gabriela-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften
Prozesses: 0x196c Startzeit der fehlerhaften Anwendung: 0x01cea8c90d09e367 Pfad der
fehlerhaften Anwendung: P:\Avira\AntiVir Desktop\avnotify.exe Pfad des fehlerhaften
Moduls: P:\Avira\AntiVir Desktop\avnotify.exe Berichtskennung: 54c233e8-14bc-11e3-866b-a60f3b584393
[ Media Center Events ]
Error - 29.01.2013 16:26:50 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:26:50 - Fehler beim Herstellen der Internetverbindung. 21:26:50
- Serververbindung konnte nicht hergestellt werden..
Error - 29.01.2013 16:26:57 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:26:56 - Fehler beim Herstellen der Internetverbindung. 21:26:56
- Serververbindung konnte nicht hergestellt werden..
Error - 13.02.2013 16:53:13 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:53:13 - Fehler beim Herstellen der Internetverbindung. 21:53:13
- Serververbindung konnte nicht hergestellt werden..
Error - 13.02.2013 16:53:24 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:53:19 - Fehler beim Herstellen der Internetverbindung. 21:53:19
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 16:20:53 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:20:53 - Fehler beim Herstellen der Internetverbindung. 21:20:53
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 16:21:01 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 21:20:58 - Fehler beim Herstellen der Internetverbindung. 21:20:58
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 17:21:05 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 22:21:05 - Fehler beim Herstellen der Internetverbindung. 22:21:05
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 17:21:10 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 22:21:10 - Fehler beim Herstellen der Internetverbindung. 22:21:10
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 18:35:25 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 23:35:25 - Fehler beim Herstellen der Internetverbindung. 23:35:25
- Serververbindung konnte nicht hergestellt werden..
Error - 14.02.2013 18:35:37 | Computer Name = Gabriela-PC | Source = MCUpdate | ID = 0
Description = 23:35:30 - Fehler beim Herstellen der Internetverbindung. 23:35:30
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 21.03.2013 02:08:10 | Computer Name = Gabriela-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error - 31.03.2013 04:09:36 | Computer Name = Gabriela-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.3 mit
dem Computer mit der Netzwerkhardwareadresse CC-F3-A5-23-7B-BD ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 02.04.2013 00:25:41 | Computer Name = Gabriela-PC | Source = DCOM | ID = 10010
Description =
Error - 02.04.2013 00:26:13 | Computer Name = Gabriela-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware
- SAMSUNG Mobile MTP Device
Error - 30.04.2013 00:18:14 | Computer Name = Gabriela-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 16.05.2013 07:02:17 | Computer Name = Gabriela-PC | Source = DCOM | ID = 10010
Description =
Error - 29.05.2013 00:57:48 | Computer Name = Gabriela-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
watchmi service erreicht.
Error - 29.05.2013 00:57:48 | Computer Name = Gabriela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 06.06.2013 15:01:51 | Computer Name = Gabriela-PC | Source = DCOM | ID = 10005
Description =
Error - 06.06.2013 15:01:51 | Computer Name = Gabriela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%109
< End of report >
Code:
ATTFilter OTL logfile created on: 07.09.2013 06:28:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gabriela\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 53,23% Memory free 6,92 Gb Paging File | 3,85 Gb Available in Paging File | 55,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 56,67 Gb Free Space | 58,03% Space Free | Partition Type: NTFS Drive D: | 51,51 Gb Total Space | 44,61 Gb Free Space | 86,61% Space Free | Partition Type: NTFS Drive E: | 32,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 97,65 Gb Total Space | 53,73 Gb Free Space | 55,03% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,74 Gb Free Space | 97,76% Space Free | Partition Type: NTFS Drive P: | 195,31 Gb Total Space | 191,70 Gb Free Space | 98,15% Space Free | Partition Type: NTFS Drive R: | 292,97 Gb Total Space | 280,77 Gb Free Space | 95,84% Space Free | Partition Type: NTFS Drive S: | 48,83 Gb Total Space | 43,10 Gb Free Space | 88,28% Space Free | Partition Type: NTFS Drive U: | 100,00 Mb Total Space | 39,49 Mb Free Space | 39,49% Space Free | Partition Type: NTFS Drive V: | 97,66 Gb Total Space | 71,96 Gb Free Space | 73,69% Space Free | Partition Type: NTFS Computer Name: GABRIELA-PC | User Name: Gabriela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Gabriela\Downloads\OTL.exe (OldTimer Tools) PRC - P:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - P:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - P:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe () PRC - C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - P:\Microsoft Office 2003\OFFICE11\WINWORD.EXE (Microsoft Corporation) PRC - C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) PRC - P:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - P:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - P:\Kies\Kies.exe (Samsung) PRC - P:\Spamihilator\spamihilator.exe (Michel Krämer) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - P:\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Users\Gabriela\AppData\Roaming\Ge org Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.) PRC - P:\Jasc Paint Shop Pro 5\Psp.exe (Jasc Software, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f2f0e9a8703422ee27d0094e81170cca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\876a6e3ad28ad8fb6303fd81630f4366\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1bfc8df8dc2076bf8bcb90ce32f33c18\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\13181bc68824ceefac1f8bbfd58f33e4\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e8092f13b7a38dfd4c57e262d02e5212\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1c8c245b408e8c12f73757f7e25c405b\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\625ef7b392f799bdd0ebe0e364bc7b40\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ded1ce18badf565556806edd5572053e\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c0a67abed7df54004613628d9db92a68\System.ni.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll () MOD - C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll () MOD - C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll () MOD - C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll () MOD - P:\Spamihilator\sqlite3.dll () MOD - P:\Spamihilator\zlib1.dll () MOD - C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () MOD - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - P:\Jasc Paint Shop Pro 5\Fpxlib.dll () MOD - P:\Jasc Paint Shop Pro 5\Jpeglib.dll () MOD - P:\Jasc Paint Shop Pro 5\JCMYK.dll () MOD - P:\Jasc Paint Shop Pro 5\Jcap32.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- P:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- P:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (vToolbarUpdater15.5.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\rtl8192cu.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929 IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929 IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\..\SearchScopes\{38AA0999-8C7B-4C55-8CD3-353FA229EC0C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={94F5C2A1-CDBE-48F1-BF1D-F6B20099D895}&mid=407c0b114f2047d0910645928f05b331-907aaa73fa1b9a26a9741487df9005e382d93c05&lang=de&ds=mt011&pr=sa&d=2013-01-08 00:29:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013.08.20 15:40:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon [2013.06.30 09:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://isearch.avg.com/?cid={94F5C2A1-CDBE-48F1-BF1D-F6B20099D895}&mid=407c0b114f2047d0910645928f05b331-907aaa73fa1b9a26a9741487df9005e382d93c05&lang=de&ds=mt011&pr=sa&d=2013-01-08 00:29:33&v=15.3.0.11&pid=avg&sg=0&sap=hp CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Chrome In-App Payments service = C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] P:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DataCardMonitor] P:\Ge org Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [KiesTrayAgent] P:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [] P:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [Facebook Update] C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [HW_OPENEYE_OUC_Ge org Internet Manager] P:\Ge org Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [KiesAirMessage] P:\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [KiesPreload] P:\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2949166557-3930466050-1292464765-1002..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = P:\Spamihilator\spamihilator.exe (Michel Krämer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - P:\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3C545D-F1F8-4CFD-9CDB-BF819A338F53}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2CD489-369C-4B33-AC33-C5FB9AE98D63}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3a66cfcf-59d3-11e2-aacc-94dbc9e15ac2}\Shell - "" = AutoRun O33 - MountPoints2\{3a66cfcf-59d3-11e2-aacc-94dbc9e15ac2}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{3a66cfdf-59d3-11e2-aacc-94dbc9e15ac2}\Shell - "" = AutoRun O33 - MountPoints2\{3a66cfdf-59d3-11e2-aacc-94dbc9e15ac2}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ff66749f-6525-11e2-ba1d-d7103336f496}\Shell - "" = AutoRun O33 - MountPoints2\{ff66749f-6525-11e2-ba1d-d7103336f496}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ff6674b4-6525-11e2-ba1d-d7103336f496}\Shell - "" = AutoRun O33 - MountPoints2\{ff6674b4-6525-11e2-ba1d-d7103336f496}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.31 14:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.08.31 14:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2013.08.31 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Gabriela\AppData\Roaming\WinRAR [2013.08.31 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.08.31 14:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.08.31 14:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.08.25 20:16:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.08.25 20:16:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.08.25 20:16:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.08.25 20:16:32 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.08.25 20:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.08.23 19:51:32 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.08.23 19:51:32 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.08.23 19:51:31 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.08.23 19:51:31 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.08.23 19:51:31 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.08.23 19:51:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.08.23 19:51:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.08.23 19:51:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.08.23 19:51:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.08.23 19:51:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.08.20 23:05:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.08.20 23:05:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.08.20 23:05:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.08.20 23:05:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.08.20 23:05:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.08.20 23:05:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.08.20 23:05:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.08.20 23:05:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.08.20 23:05:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.08.20 23:05:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.08.20 23:05:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.08.20 23:05:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.08.20 23:05:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.08.20 23:05:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.08.20 23:05:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.08.20 16:21:25 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [2013.08.20 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\Gabriela\AppData\Roaming\Betcat [2013.08.20 15:52:13 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.08.20 15:52:12 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.08.20 15:52:12 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.08.20 15:52:01 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013.08.20 15:52:01 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013.08.20 15:52:01 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll ========== Files - Modified Within 30 Days ========== [2013.09.07 06:23:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.09.07 06:19:26 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.09.07 06:19:26 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.09.07 06:16:01 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.09.07 06:11:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.09.07 06:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.09.07 06:04:18 | 000,000,072 | ---- | M] () -- C:\Users\Gabriela\AppData\Roaming\WB.CFG [2013.09.07 06:04:18 | 000,000,005 | ---- | M] () -- C:\Users\Gabriela\AppData\Roaming\WBPU-TTL.DAT [2013.09.07 06:04:08 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job [2013.09.07 06:04:08 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job [2013.09.07 06:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.09.03 13:16:37 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.09.03 13:16:37 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.09.03 13:16:37 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.09.03 13:14:09 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.09.03 13:14:09 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.09.03 13:14:09 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.09.03 13:14:09 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.09.03 13:14:09 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.09.03 13:09:44 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.09.03 13:09:44 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013.09.03 13:09:16 | 2787,954,688 | -HS- | M] () -- C:\hiberfil.sys [2013.08.31 09:30:53 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.08.25 20:16:29 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.08.25 20:16:29 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.08.25 20:16:29 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.08.25 20:16:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.08.25 20:16:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.08.25 20:16:29 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.08.23 21:06:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.08.23 21:06:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.08.20 16:21:25 | 000,051,992 | ---- | M] (cake bake) -- C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [2013.08.20 15:40:07 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys ========== Files Created - No Company Name ========== [2013.07.27 10:16:04 | 000,000,072 | ---- | C] () -- C:\Users\Gabriela\AppData\Roaming\WB.CFG [2013.06.30 10:16:11 | 000,000,005 | ---- | C] () -- C:\Users\Gabriela\AppData\Roaming\WBPU-TTL.DAT [2013.03.03 00:17:22 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.03.03 00:17:22 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.01.14 11:32:48 | 000,017,408 | ---- | C] () -- C:\Users\Gabriela\AppData\Local\WebpageIcons.db [2013.01.12 16:31:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2013.01.08 02:04:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2013.01.07 23:15:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabriela\AppData\Local\{1361CF56-CFA0-4CCA-8C6D-106D494E69BA} [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.05 00:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.04.25 21:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.25 20:29:27 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.25 20:29:27 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.25 20:29:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.20 01:12:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2013.09.07 06:05:05 | 096,496,803 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\뮀䛾 [2013.09.03 19:14:46 | 096,496,803 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\뮀䛾 < End of report > LG, Achillia |
|
07.09.2013, 07:09
| #2 |
| /// the machine /// TB-Ausbilder    | neue Tabs mit Werbung in Google Chrome hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
07.09.2013, 08:20
| #3 |
| | neue Tabs mit Werbung in Google Chrome Hallo! Danke für die schnelle Antwort.
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013 Ran by Gabriela (administrator) on GABRIELA-PC on 07-09-2013 09:13:14 Running from C:\Users\Gabriela\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe () C:\Program Files (x86)\watchmi\TvdService.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) P:\Kies\Kies.exe (Huawei Technologies Co., Ltd.) C:\Users\Gabriela\AppData\Roaming\Ge org Internet Manager\ouc.exe (Samsung) P:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Samsung Electronics Co., Ltd.) P:\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\Secure Banking\sbservice.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\watchmi\TvdTray.exe (Dropbox, Inc.) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Facebook) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Michel Krämer) P:\Spamihilator\spamihilator.exe (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Jasc Software, Inc.) P:\Jasc Paint Shop Pro 5\Psp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) P:\avira\antivir desktop\ipmGui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [HW_OPENEYE_OUC_Ge org Internet Manager] - P:\Ge org Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.) HKCU\...\Run: [KiesPreload] - P:\Kies\Kies.exe [1509232 2013-02-13] (Samsung) HKCU\...\Run: [KiesAirMessage] - P:\Kies\KiesAirMessage.exe -startup [x] HKCU\...\Run: [] - P:\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung) HKCU\...\Run: [Facebook Update] - C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-30] (Facebook Inc.) HKCU\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking) MountPoints2: {3a66cfcf-59d3-11e2-aacc-94dbc9e15ac2} - H:\AutoRun.exe MountPoints2: {3a66cfdf-59d3-11e2-aacc-94dbc9e15ac2} - H:\AutoRun.exe MountPoints2: {ff66749f-6525-11e2-ba1d-d7103336f496} - H:\AutoRun.exe MountPoints2: {ff6674b4-6525-11e2-ba1d-d7103336f496} - H:\Setup.exe HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] () HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-20] () HKLM-x32\...\Run: [DataCardMonitor] - P:\Ge org Internet Manager\DataCardMonitor.exe [253952 2013-01-08] (Huawei Technologies Co., Ltd.) HKLM-x32\...\Run: [KiesTrayAgent] - P:\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] - P:\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.) Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk ShortcutTarget: Spamihilator.lnk -> P:\Spamihilator\spamihilator.exe (Michel Krämer) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={94F5C2A1-CDBE-48F1-BF1D-F6B20099D895}&mid=407c0b114f2047d0910645928f05b331-907aaa73fa1b9a26a9741487df9005e382d93c05&lang=de&ds=mt011&pr=sa&d=2013-01-08 00:29:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={94F5C2A1-CDBE-48F1-BF1D-F6B20099D895}&mid=407c0b114f2047d0910645928f05b331-907aaa73fa1b9a26a9741487df9005e382d93c05&lang=de&ds=mt011&pr=sa&d=2013-01-08 00:29:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Chrome: ======= CHR HomePage: hxxp://isearch.avg.com/?cid={94F5C2A1-CDBE-48F1-BF1D-F6B20099D895}&mid=407c0b114f2047d0910645928f05b331-907aaa73fa1b9a26a9741487df9005e382d93c05&lang=de&ds=mt011&pr=sa&d=2013-01-08 00:29:33&v=15.3.0.11&pid=avg&sg=0&sap=hp CHR RestoreOnStartup: "hxxp://www.google.at/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (Chrome In-App Payments service) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; P:\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; P:\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-20] (AVG Secure Search) R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-20] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation ) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-07 09:11 - 2013-09-07 09:11 - 01948604 _____ (Farbar) C:\Users\Gabriela\Desktop\FRST64.exe 2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt 2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt 2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe 2013-09-03 19:14 - 2013-09-07 06:05 - 96496803 _____ C:\Windows\SysWOW64\뮀䛾 2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking 2013-08-31 14:17 - 2013-08-31 14:18 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar 2013-08-31 14:17 - 2013-08-31 14:18 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR 2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe 2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE 2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar 2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2 2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar 2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe 2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar 2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-23 19:51 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-23 19:51 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-23 19:51 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-23 19:51 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-23 19:51 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-23 19:51 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-23 19:51 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-23 19:51 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-23 19:51 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-23 19:51 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-23 19:51 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-20 23:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-20 23:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-20 23:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-20 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-20 23:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-20 23:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-20 23:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-20 23:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-20 23:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-20 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-20 23:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-20 23:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-20 23:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-20 23:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-20 16:21 - 2013-08-20 16:21 - 00051992 _____ (cake bake) C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe 2013-08-20 16:21 - 2013-08-20 16:21 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Betcat 2013-08-20 15:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-20 15:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-20 15:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-20 15:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-20 15:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-20 15:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-20 15:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-20 15:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-20 15:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-20 15:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-20 15:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-20 15:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-20 15:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-20 15:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-20 15:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-20 15:51 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys ==================== One Month Modified Files and Folders ======= 2013-09-07 09:12 - 2013-09-07 09:12 - 00000000 ____D C:\FRST 2013-09-07 09:11 - 2013-09-07 09:11 - 01948604 _____ (Farbar) C:\Users\Gabriela\Desktop\FRST64.exe 2013-09-07 09:08 - 2013-01-07 15:33 - 01821743 _____ C:\Windows\WindowsUpdate.log 2013-09-07 09:08 - 2008-01-01 09:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-07 08:23 - 2013-01-07 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-07 08:16 - 2013-06-30 09:16 - 00000298 _____ C:\Windows\Tasks\DSite.job 2013-09-07 07:22 - 2013-01-25 00:51 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Spamihilator 2013-09-07 07:21 - 2013-06-30 22:16 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job 2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt 2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt 2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe 2013-09-07 06:19 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-07 06:19 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-07 06:11 - 2013-01-07 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-07 06:05 - 2013-09-03 19:14 - 96496803 _____ C:\Windows\SysWOW64\뮀䛾 2013-09-07 06:04 - 2013-07-27 10:16 - 00000072 _____ C:\Users\Gabriela\AppData\Roaming\WB.CFG 2013-09-07 06:04 - 2013-06-30 22:16 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job 2013-09-07 06:04 - 2013-06-30 10:16 - 00000005 _____ C:\Users\Gabriela\AppData\Roaming\WBPU-TTL.DAT 2013-09-03 13:16 - 2013-05-06 13:20 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-03 13:16 - 2013-03-30 12:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-03 13:16 - 2013-03-30 12:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-03 13:14 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-09-03 13:14 - 2011-05-16 16:04 - 00130022 _____ C:\Windows\system32\perfc007.dat 2013-09-03 13:14 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-03 13:10 - 2013-03-20 22:11 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Dropbox 2013-09-03 13:09 - 2013-06-07 22:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2013-09-03 13:09 - 2013-05-31 20:48 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-09-03 13:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-03 13:09 - 2009-07-14 06:51 - 00201017 _____ C:\Windows\setupact.log 2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking 2013-08-31 14:18 - 2013-08-31 14:17 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar 2013-08-31 14:18 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR 2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe 2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE 2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar 2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2 2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar 2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe 2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar 2013-08-31 09:30 - 2013-01-07 15:34 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-29 13:24 - 2010-11-21 05:47 - 00016276 _____ C:\Windows\PFRO.log 2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-25 20:16 - 2012-01-25 22:13 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-08-25 20:16 - 2011-07-18 23:13 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-25 20:06 - 2013-01-19 10:47 - 00000000 ____D C:\Users\Gabriela\Documents\My PSP8 Files 2013-08-23 21:06 - 2011-12-01 23:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-23 21:06 - 2008-01-01 09:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-23 21:06 - 2008-01-01 09:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-21 14:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-20 23:01 - 2013-07-20 23:02 - 00000000 ____D C:\Windows\system32\MRT 2013-08-20 22:59 - 2011-07-18 22:31 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-20 22:59 - 2009-07-14 04:34 - 00000533 _____ C:\Windows\win.ini 2013-08-20 16:21 - 2013-08-20 16:21 - 00051992 _____ (cake bake) C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe 2013-08-20 16:21 - 2013-08-20 16:21 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Betcat 2013-08-20 15:40 - 2013-01-14 11:14 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-20 15:40 - 2013-01-08 01:29 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search Files to move or delete: ==================== C:\Users\Gabriela\AppData\Local\Temp\amdbdoyx.dll C:\Users\Gabriela\AppData\Local\Temp\avguidx.dll C:\Users\Gabriela\AppData\Local\Temp\CommonInstaller.exe C:\Users\Gabriela\AppData\Local\Temp\iGearedHelper.dll C:\Users\Gabriela\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Gabriela\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Gabriela\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Gabriela\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Gabriela\AppData\Local\Temp\SkypeSetup.exe C:\Users\Gabriela\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Gabriela\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-02 18:02 ==================== End Of Log ============================ Code:
ATTFilter --- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2013
Ran by Gabriela at 2013-09-07 09:13:59
Running from C:\Users\Gabriela\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x32)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe AIR (x32 Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.873.1)
AMD AVIVO64 Codecs (Version: 12.2.0.20504)
AMD Catalyst Install Manager (Version: 3.0.864.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0504.1554.26509)
AMD Media Foundation Decoders (Version: 1.0.70504.1544)
AMD VISION Engine Control Center (x32 Version: 2012.0504.1554.26509)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Belkin N300 Micro USB Wireless Adapter (x32 Version: 1.00.0155)
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509)
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509)
CCC Help Danish (x32 Version: 2012.0504.1553.26509)
CCC Help Dutch (x32 Version: 2012.0504.1553.26509)
CCC Help English (x32 Version: 2012.0504.1553.26509)
CCC Help Finnish (x32 Version: 2012.0504.1553.26509)
CCC Help French (x32 Version: 2012.0504.1553.26509)
CCC Help German (x32 Version: 2012.0504.1553.26509)
CCC Help Italian (x32 Version: 2012.0504.1553.26509)
CCC Help Japanese (x32 Version: 2012.0504.1553.26509)
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509)
CCC Help Spanish (x32 Version: 2012.0504.1553.26509)
CCC Help Swedish (x32 Version: 2012.0504.1553.26509)
ccc-utility64 (Version: 2012.0504.1554.26509)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Dropbox (HKCU Version: 2.0.22)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free Studio version 2013 (x32 Version: 6.1.0.320)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Ge org Internet Manager (x32 Version: 11.301.05.02.852)
Google Chrome (x32 Version: 29.0.1547.62)
Google Update Helper (x32 Version: 1.3.21.153)
IPTInstaller (x32 Version: 4.0.8)
Jasc Paint Shop Pro 8 (x32 Version: 8.03.0000)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MiniTool Partition Wizard Home Edition 7.6 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyFreeCodec (HKCU)
Paint Shop Pro 5.01 CD (x32)
PCSUITE SHREDDER (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6591)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Samsung Kies (x32 Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Secure Banking Version 1.5.1 (x32 Version: 1.5.1)
Skype™ 6.3 (x32 Version: 6.3.105)
Spamihilator 1.5.0 (32-Bit) (x32 Version: 1.5.0)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
swMSM (x32 Version: 12.0.0.1)
Update for Audio Converter (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
watchmi (x32 Version: 3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
==================== Restore Points =========================
24-08-2013 07:46:49 Windows Update
25-08-2013 18:15:53 Installed Java 7 Update 25
02-09-2013 16:01:57 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {319686D4-935F-42BE-8150-E69DA58E88C6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{33FE3AE9-479F-413F-99D1-9FB3EFF7C4D0}.exe
Task: {4DC69ADB-3296-4922-A078-53B11A6B4DBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {66700F3D-2ABE-4082-87B8-8D546CAE53C0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {87A33717-C27E-4B2C-92B8-32DC1939A685} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2949166557-3930466050-1292464765-1002 => C:\Windows\System32\portabledeviceapi.dll [2010-11-21] (Microsoft Corporation)
Task: {8D8A17FE-9F17-4BFA-9CA3-A649D0B569CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23] (Adobe Systems Incorporated)
Task: {9508888E-84D5-4934-86C6-EFFA97484C92} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30] (Facebook Inc.)
Task: {9F2E5A99-A108-41ED-B97E-F24A4D1390D7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{C23F046C-B42A-49F3-95D7-0BA0F26C2C07}.exe
Task: {B6A521CC-59FE-476F-AC0E-314BD74EBC73} - System32\Tasks\Launch HTC Sync Loader => R:\test-htc\htcUPCTLoader.exe
Task: {BFB3FCB6-487E-44D7-B705-CFE06BA8BE15} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30] (Facebook Inc.)
Task: {CA85C3CA-2572-4AD9-AD95-015346A30AC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {DA887185-1C64-4EA1-ACCC-D5DA1F5FB7A1} - System32\Tasks\{C4A0C108-7763-4BE6-A76B-5BD630FB010B} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=12002
Task: {DAB3E3EB-61BA-441A-B338-DD0CD537565E} - System32\Tasks\DSite => C:\Users\Gabriela\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-30] ()
Task: {F722EA07-C458-4571-B98E-AC75E7D870C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {FD199C90-4AB0-49A8-BFED-B87C56DA49D0} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{C23F046C-B42A-49F3-95D7-0BA0F26C2C07}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{33FE3AE9-479F-413F-99D1-9FB3EFF7C4D0}.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Gabriela\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-05 00:12 - 2013-04-05 00:12 - 00164016 _____ (Dropbox, Inc.) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2013-08-31 14:17 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) P:\rarext64.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 02288184 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\shlext64.dll
2012-01-31 12:24 - 2012-01-31 12:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2013-01-07 15:34 - 2013-01-07 15:34 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2013-01-15 00:40 - 2012-09-18 16:27 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2013-01-15 00:40 - 2012-09-18 16:27 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2013-01-15 00:40 - 2012-09-18 16:27 - 00676864 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdhp1020.dll
2012-05-05 00:43 - 2012-05-05 00:43 - 00311296 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-05-05 00:43 - 2012-05-05 00:43 - 00192512 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 23:51 - 2009-01-20 23:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-05-05 00:40 - 2012-05-05 00:40 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.Implementation.dll
2012-05-05 00:40 - 2012-05-05 00:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-05 00:48 - 2012-05-05 00:48 - 00028160 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-05-05 00:47 - 2012-05-05 00:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-23 19:51 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-01-18 09:37 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2013-01-18 09:37 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00311296 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2009-07-14 01:25 - 2009-07-14 03:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll
2013-01-18 09:37 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-02-15 16:42 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-07-19 01:34 - 2012-06-02 06:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll
2009-07-14 01:12 - 2009-07-14 03:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll
2013-05-15 14:56 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 01414144 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2011-10-14 13:14 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll
2009-07-14 01:28 - 2009-07-14 03:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00206848 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2009-07-14 01:12 - 2009-07-14 03:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2013-08-20 23:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2009-07-14 01:15 - 2009-07-14 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\normaliz.DLL
2013-08-20 23:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2009-07-14 01:44 - 2009-07-14 03:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2013-08-20 23:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2013-08-20 15:40 - 2013-08-20 15:40 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\user32.dll
2013-01-18 09:37 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNEL32.dll
2012-12-18 11:08 - 2012-12-18 11:08 - 00307200 _____ ( MarkAny.) P:\Kies\External\MACSSDK.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 00166288 _____ (Samsung) P:\Kies\External\FirmwareUpdate\AgentDialogs.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 00054152 _____ (Samsung) P:\Kies\External\FirmwareUpdate\AgentModels.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 00119688 _____ (Samsung) P:\Kies\External\FirmwareUpdate\GlobalUtil.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 01667584 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2011-07-18 22:30 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll
2011-07-18 22:30 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 01025936 _____ (Samsung) P:\Kies\External\FirmwareUpdate\CommonModule.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 01612680 _____ (Samsung) P:\Kies\External\FirmwareUpdate\AgentModule.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 00106496 _____ (TODO: <Company name>) P:\Kies\External\FirmwareUpdate\BaseUI.dll
2012-12-18 11:07 - 2013-02-13 04:00 - 03341208 _____ (Codejock Software) P:\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll
2008-01-01 09:23 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll
2013-05-15 14:56 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.dll
2013-08-20 23:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\syswow64\wininet.dll
2013-08-20 15:40 - 2013-08-20 15:40 - 00144560 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
2012-12-20 19:40 - 2013-02-13 12:32 - 00250368 _____ (Windows (R) Codename Longhorn DDK provider) P:\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00269824 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\advapi32.dll
2013-08-31 14:18 - 2012-09-07 17:30 - 00016384 _____ () C:\Program Files (x86)\Secure Banking\SecureBanking.dll
2013-08-31 14:18 - 2012-09-05 20:49 - 00008704 _____ () C:\Program Files (x86)\Secure Banking\funcs.dll
2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\psapi.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\shlwapi.DLL
2012-07-19 01:34 - 2012-06-02 06:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2009-07-14 01:33 - 2009-07-14 03:17 - 00249680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\Psapi.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 00485888 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\syswow64\Crypt32.DLL
2009-07-14 01:53 - 2009-07-14 03:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\icudt.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00292272 _____ () C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 21014960 _____ () C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 09962416 _____ (The ICU Project) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\icudt.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00179632 _____ () C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00399280 _____ (Newtonsoft) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\Newtonsoft.Json.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00067072 _____ (Michel Krämer) P:\Spamihilator\uclanguage.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00093696 _____ (Michel Krämer) P:\Spamihilator\spsock.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00666112 _____ (Michel Krämer) P:\Spamihilator\spssl.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00109056 _____ (Michel Krämer) P:\Spamihilator\spu.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00118784 _____ (Michel Krämer) P:\Spamihilator\spu2.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00075264 _____ (Michel Krämer) P:\Spamihilator\spudb.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00163840 _____ (Michel Krämer) P:\Spamihilator\splpp.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00060416 _____ () P:\Spamihilator\zlib1.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00011776 _____ (Michel Krämer) P:\Spamihilator\crashhandler.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00279040 _____ () P:\Spamihilator\sqlite3.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00143872 _____ (Michel Krämer) P:\Spamihilator\plugins3\attachmentfilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00143872 _____ (Michel Krämer) P:\Spamihilator\plugins3\dccfilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00012288 _____ (Michel Krämer) P:\Spamihilator\plugins3\imagefilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00098304 _____ (Michel Krämer) P:\Spamihilator\plugins3\learningfilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00258048 _____ (Michel Krämer) P:\Spamihilator\plugins3\linkfilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00187904 _____ (Michel Krämer) P:\Spamihilator\plugins3\newsletter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00444416 _____ (Michel Krämer) P:\Spamihilator\plugins3\rulefilter.dll
2013-01-25 00:49 - 2013-01-25 00:49 - 00264704 _____ (Michel Krämer) P:\Spamihilator\plugins3\spamwordfilter.dll
2010-10-13 16:18 - 2010-10-13 16:18 - 07628120 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLLIB.dll
2012-02-15 16:42 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\MSVCRT.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00119808 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll
2007-05-03 08:31 - 2007-05-03 08:31 - 03157376 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\1031\outllibr.dll
2009-02-09 22:28 - 2009-02-09 22:28 - 00066904 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLRPC.dll
2009-06-15 17:43 - 2009-06-15 17:43 - 00350024 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\exsec32.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2009-07-14 01:27 - 2009-07-14 03:16 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uiautomationcore.dll
2007-04-19 15:07 - 2007-04-19 15:07 - 00036192 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\msostyle.dll
2007-03-22 20:07 - 2007-03-22 20:07 - 00069984 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\SENDTO.DLL
2009-07-14 02:18 - 2009-07-14 03:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm
2005-11-04 13:36 - 2005-11-04 13:36 - 00307440 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLFLTR.DLL
2007-03-22 20:09 - 2007-03-22 20:09 - 00394080 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\RTFHTML.DLL
2009-04-10 17:47 - 2009-04-10 17:47 - 00102744 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\outlmime.dll
2007-11-19 21:38 - 2007-11-19 21:38 - 00150016 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\outlph.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-28 16:31 - 2013-05-28 16:31 - 01701528 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\GdiPlus.DLL
2013-04-05 00:12 - 2013-04-05 00:12 - 00130736 _____ (Dropbox, Inc.) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2008-01-14 22:51 - 2008-01-14 22:51 - 00137736 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\ENVELOPE.DLL
2007-05-03 08:19 - 2007-05-03 08:19 - 00023424 _____ (Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\1031\envelopr.dll
2006-06-27 11:39 - 2006-06-27 11:39 - 00357912 _____ (Lingsoft, Inc.) C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSSP3GE.DLL
2013-08-20 15:40 - 2013-08-20 15:40 - 01110704 _____ (AVG Technologies) C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
2013-08-31 09:30 - 2013-08-24 19:48 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\icudt.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2009-07-14 02:03 - 2009-07-14 03:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2010-11-21 05:23 - 2010-11-21 05:23 - 01667584 _____ (Microsoft Corporation) C:\Windows\syswow64\setupapi.dll
2013-08-31 09:30 - 2013-08-24 19:49 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
2013-08-31 09:30 - 2013-08-24 19:49 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00415288 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\grdcore.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00055352 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\cfglib.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00218168 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpipc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00109112 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpgen.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00128056 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpschd.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00165432 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avevtlog.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00013368 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\schedr.dll
2013-01-25 00:55 - 2012-09-19 19:17 - 00397088 _____ () P:\Avira\AntiVir Desktop\sqlite3.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00039480 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpgrd.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00057400 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpgui.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00042552 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gplegacy.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00050744 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpgenrep.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00025656 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\onlcfg.dll
2013-07-01 21:23 - 2013-09-03 13:16 - 00110648 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gavidb.dll
2013-07-01 21:23 - 2013-09-03 13:16 - 01258040 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\libdb53.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00059448 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avipc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00497720 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\avlode.dll
2013-01-25 00:55 - 2013-07-01 21:22 - 00154112 _____ (Avira GmbH) P:\Avira\AntiVir Desktop\apcfile.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 00263992 _____ (The cURL library, hxxp://curl.haxx.se/) P:\Avira\AntiVir Desktop\libcurl.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 01302840 _____ (The OpenSSL Project, hxxp://www.openssl.org/) P:\Avira\AntiVir Desktop\LIBEAY32.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 00271672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) P:\Avira\AntiVir Desktop\SSLEAY32.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 00187704 _____ (Apache Software Foundation) P:\Avira\AntiVir Desktop\libaprutil-1.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 00033592 _____ (Apache Software Foundation) P:\Avira\AntiVir Desktop\libapriconv-1.dll
2013-01-25 00:55 - 2012-10-02 11:43 - 00138040 _____ (Apache Software Foundation) P:\Avira\AntiVir Desktop\libapr-1.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00023608 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avwinll.dll
2013-01-25 00:55 - 2013-08-24 09:47 - 00201081 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aecore.dll
2013-01-25 00:55 - 2013-06-13 17:31 - 00102774 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aevdf.dll
2013-01-25 00:55 - 2013-09-07 06:04 - 00516478 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aescript.dll
2013-01-25 00:55 - 2013-03-26 20:09 - 00131446 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aescn.dll
2013-01-25 00:55 - 2013-08-24 09:47 - 01245560 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aesbx.dll
2013-01-25 00:55 - 2013-06-13 17:31 - 00688504 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aerdl.dll
2013-01-25 00:55 - 2013-06-20 19:56 - 00749945 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aepack.dll
2013-01-25 00:55 - 2013-08-20 15:44 - 00205181 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aeoffice.dll
2013-01-25 00:55 - 2013-09-07 06:04 - 06148474 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aeheur.dll
2013-01-25 00:55 - 2013-08-27 19:40 - 00266617 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aehelp.dll
2013-01-25 00:55 - 2013-09-07 06:04 - 00446839 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aegen.dll
2013-01-25 00:55 - 2013-09-07 06:04 - 00323959 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aeexp.dll
2013-01-25 00:55 - 2012-09-19 15:42 - 00393587 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aeemu.dll
2013-01-25 00:55 - 2012-11-05 16:00 - 00053619 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\aebb.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00312888 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\gpavgio.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00078392 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avgio.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00134200 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\avesvc.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00188984 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\msgclient.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 00014392 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\avesvcr.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00043064 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\guardmsg.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00250424 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\avreg.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00048184 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avpref.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00749112 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\ccwkrlib.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00349752 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccguard.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00029240 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccgrdrc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00229432 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccgrdw.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00419384 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccwgrd.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00807992 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccgen.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00049720 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccgenrc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00220216 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccupdate.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00028728 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccupdrc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00083000 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\cclic.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00009784 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\cclicrc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00237624 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccmsg.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00010296 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccmsgrc.dll
2013-01-25 00:55 - 2013-09-03 13:15 - 04786744 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\rcimage.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00014392 _____ (Avira Operations GmbH & Co. KG) p:\avira\antivir desktop\ccmainrc.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00212536 _____ (Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\ccupdw.dll
2013-08-20 23:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-31 09:30 - 2013-08-24 19:49 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
2013-08-31 09:30 - 2013-08-24 19:49 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
2013-08-31 09:30 - 2013-08-24 19:48 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00201648 _____ (Facebook, Inc.) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
2013-08-31 09:30 - 2013-08-24 19:49 - 13594064 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
2012-04-04 07:53 - 2012-04-04 07:53 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2010-11-16 06:02 - 2010-11-16 06:02 - 01839104 _____ (RSA - The Security Division of EMC) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\cryptocme2.dll
2010-11-16 06:02 - 2010-11-16 06:02 - 01785856 _____ (RSA - The Security Division of EMC) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\ccme_base.dll
2009-07-14 02:10 - 2009-07-14 03:16 - 00316928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00434176 _____ (Eastman Kodak Company) P:\Jasc Paint Shop Pro 5\D120_151.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00014336 _____ () P:\Jasc Paint Shop Pro 5\JCAP32.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00073728 _____ () P:\Jasc Paint Shop Pro 5\JCMYK.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00047104 _____ (Jasc Software, Inc) P:\Jasc Paint Shop Pro 5\JMEM.DLL
2013-01-19 10:56 - 1998-05-28 06:01 - 00663552 _____ (Jasc Software, Inc.) P:\Jasc Paint Shop Pro 5\JFF.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00332800 _____ () P:\Jasc Paint Shop Pro 5\Fpxlib.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00122880 _____ () P:\Jasc Paint Shop Pro 5\JPEGLib.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00212480 _____ (Eastman Kodak) P:\Jasc Paint Shop Pro 5\PCDLIB32.dll
2013-01-19 10:56 - 1998-05-28 06:01 - 00054784 _____ (Jasc Software, Inc.) P:\Jasc Paint Shop Pro 5\JLEM7.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\user32.DLL
2011-10-14 13:14 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\oleaut32.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\syswow64\wintrust.dll
2009-07-14 01:42 - 2009-07-14 03:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-08-20 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-25 00:55 - 2013-09-03 13:16 - 00749112 _____ (Avira Operations GmbH & Co. KG) P:\avira\antivir desktop\ccwkrlib.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: USB camera
Description: USB camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2013 07:14:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x196c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (08/23/2013 07:25:50 PM) (Source: Google Update) (User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/20/2013 10:21:16 AM) (Source: Google Update) (User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/20/2013 10:18:19 AM) (Source: Google Update) (User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (04/04/2013 09:58:10 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Paint Shop Pro.exe, Version: 8.0.3.0, Zeitstempel: 0x3f0af660
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a
Ausnahmecode: 0xc0000002
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xf50
Startzeit der fehlerhaften Anwendung: 0xPaint Shop Pro.exe0
Pfad der fehlerhaften Anwendung: Paint Shop Pro.exe1
Pfad des fehlerhaften Moduls: Paint Shop Pro.exe2
Berichtskennung: Paint Shop Pro.exe3
Error: (03/03/2013 10:13:17 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: P:\Kies\Kies.exe . Error code = 0x800700d8
Error: (03/03/2013 10:13:16 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: P:\Kies\Kies.exe . Error code = 0x800700d8
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab KLMOUFLT.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary kl2.
System Error:
Das System kann die angegebene Datei nicht finden.
.
System errors:
=============
Error: (09/02/2013 06:01:18 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (09/02/2013 06:00:48 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/31/2013 01:54:31 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 904.
Error: (08/27/2013 07:39:50 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 12.
Error: (07/30/2013 08:30:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/30/2013 08:30:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.
Error: (07/28/2013 00:04:44 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (07/28/2013 00:04:44 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 12.
Error: (07/27/2013 04:41:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 12.
Error: (07/27/2013 04:41:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Microsoft Office Sessions:
=========================
Error: (09/03/2013 07:14:46 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380196c01cea8c90d09e367P:\Avira\AntiVir Desktop\avnotify.exeP:\Avira\AntiVir Desktop\avnotify.exe54c233e8-14bc-11e3-866b-a60f3b584393
Error: (08/23/2013 07:25:50 PM) (Source: Google Update)(User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/20/2013 10:21:16 AM) (Source: Google Update)(User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/20/2013 10:18:19 AM) (Source: Google Update)(User: Gabriela-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (04/04/2013 09:58:10 AM) (Source: Application Error)(User: )
Description: Paint Shop Pro.exe8.0.3.03f0af660KERNELBASE.dll6.1.7601.1801550b83c8ac00000020000c41ff5001ce3109a461feb8P:\Jasc Paint Shop Pro 8\Paint Shop Pro.exeC:\Windows\syswow64\KERNELBASE.dll63dd9076-9cfd-11e2-8e47-ab12d7b6865d
Error: (03/03/2013 10:13:17 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: P:\Kies\Kies.exe . Error code = 0x800700d8
P:\Kies\Kies.exe
Error: (03/03/2013 10:13:16 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: P:\Kies\Kies.exe . Error code = 0x800700d8
P:\Kies\Kies.exe
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab KLMOUFLT.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2013 00:50:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary kl2.
System Error:
Das System kann die angegebene Datei nicht finden.
CodeIntegrity Errors:
===================================
Date: 2013-03-02 23:17:34.690
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:34.644
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:32.561
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:32.516
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:30.439
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:30.391
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:28.332
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:28.289
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:26.235
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-02 23:17:26.190
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 59%
Total physical RAM: 3545.07 MB
Available physical RAM: 1439.56 MB
Total Pagefile: 7088.32 MB
Available Pagefile: 3480.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:97.66 GB) (Free:56.55 GB) NTFS
Drive d: (Daten) (Fixed) (Total:51.51 GB) (Free:44.61 GB) NTFS
Drive e: (Ohne Titel Medium) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF
Drive f: (Fotos) (Fixed) (Total:97.65 GB) (Free:53.73 GB) NTFS
Drive g: (Grafiken) (Fixed) (Total:48.83 GB) (Free:47.74 GB) NTFS
Drive p: (Programme) (Fixed) (Total:195.31 GB) (Free:191.7 GB) NTFS
Drive r: (Rest) (Fixed) (Total:292.97 GB) (Free:280.77 GB) NTFS
Drive s: (Sounds) (Fixed) (Total:48.83 GB) (Free:43.1 GB) NTFS
Drive u: () (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive v: (Videos) (Fixed) (Total:97.66 GB) (Free:71.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 17AA74B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=834 GB) - (Type=OF Extended)
==================== End Of Log ============================
Achillia |
|
07.09.2013, 12:39
| #4 | |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google ChromeCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.09.2013, 19:53
| #5 |
| | neue Tabs mit Werbung in Google ChromeCode:
ATTFilter ComboFix 13-09-06.01 - Gabriela 07.09.2013 19:55:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3545.1878 [GMT 2:00]
ausgeführt von:: c:\users\Gabriela\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
P:\Uninstall.exe
P:\WinRAR.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-07 bis 2013-09-07 ))))))))))))))))))))))))))))))
.
.
2013-09-07 18:05 . 2013-09-07 18:05 -------- d-----w- c:\users\Gabriela\AppData\Local\temp
2013-09-07 18:05 . 2013-09-07 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-07 07:12 . 2013-09-07 07:12 -------- d-----w- C:\FRST
2013-08-31 12:18 . 2013-08-31 12:18 -------- d-----w- c:\program files (x86)\Secure Banking
2013-08-25 18:16 . 2013-08-25 18:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-25 18:16 . 2013-08-25 18:16 -------- d-----w- c:\program files (x86)\Java
2013-08-23 17:51 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-23 17:51 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-23 17:51 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-23 17:51 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-23 17:51 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-23 17:51 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-23 17:51 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-23 17:51 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-23 17:51 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-23 17:51 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-23 17:51 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-20 14:21 . 2013-08-20 14:21 51992 ----a-w- c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe
2013-08-20 14:21 . 2013-08-20 14:21 -------- d-----w- c:\users\Gabriela\AppData\Roaming\Betcat
2013-08-20 13:51 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-03 11:16 . 2013-05-06 11:20 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-03 11:16 . 2013-03-30 10:37 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-03 11:16 . 2013-03-30 10:37 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-25 18:16 . 2012-01-25 20:13 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-25 18:16 . 2011-07-18 21:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-23 19:06 . 2011-12-01 21:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-23 19:06 . 2008-01-01 07:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 20:59 . 2011-07-18 20:31 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-20 13:40 . 2013-01-14 09:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-09 04:45 . 2013-08-23 17:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-20 13:40 3122864 ----a-w- c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-20 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HW_OPENEYE_OUC_Ge org Internet Manager"="p:\ge org internet manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"KiesPreload"="p:\kies\Kies.exe" [2013-02-13 1509232]
"Facebook Update"="c:\users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-30 138096]
"SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2012-09-10 372736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-20 2314416]
"DataCardMonitor"="p:\ge org internet manager\DataCardMonitor.exe" [2013-01-08 253952]
"KiesTrayAgent"="p:\kies\KiesTrayAgent.exe" [2013-02-13 310128]
"avgnt"="p:\avira\AntiVir Desktop\avgnt.exe" [2013-09-03 347192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Facebook Messenger.lnk - c:\users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
Spamihilator.lnk - p:\spamihilator\spamihilator.exe [2013-1-25 2024960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;p:\avira\AntiVir Desktop\sched.exe;p:\avira\AntiVir Desktop\sched.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-31 07:28 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2008-01-01 19:06]
.
2013-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job
- c:\users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 20:16]
.
2013-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job
- c:\users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 20:16]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 13:34]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Gabriela\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-13 12452968]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - p:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - p:\kies\KiesAirMessage.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-WinRAR archiver - P:\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-07 20:21:47
ComboFix-quarantined-files.txt 2013-09-07 18:21
.
Vor Suchlauf: 6 Verzeichnis(se), 60.450.914.304 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 60.886.638.592 Bytes frei
.
- - End Of File - - 600B2ED32D0F359ABC17E1E0C23F6EBC
4624822E540EC83CD0819525C65846BA
Edit: keine Fehlermeldungen mehr. Starte jetzt Testbetrieb mit Google Chrome, den ich gerade wieder als Standard Browser festlegen musste. Werde berichten. Danke einstweilen für die schnelle und auch für mich gut verständliche Hilfe! LG, Achillia Geändert von Achillia (07.09.2013 um 20:10 Uhr) |
|
09.09.2013, 04:57
| #6 |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google Chrome Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> neue Tabs mit Werbung in Google Chrome |
|
09.09.2013, 05:40
| #7 |
| | neue Tabs mit Werbung in Google Chrome Hallo! Danke, ich muss das leider auf Raten machen: Nr. 1) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.09.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Gabriela :: GABRIELA-PC [Administrator] 09.09.2013 06:35:48 mbam-log-2013-09-09 (06-35-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228024 Laufzeit: 3 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=204C08863B1EB86C&affID=119357&tt=250613_gr2&tsp=4929) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 6 C:\Users\Gabriela\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 11 C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\Betcat\WebCakeDesktop.exe (PUP.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gabriela\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Achillia |
|
09.09.2013, 06:28
| #8 |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google Chrome ok 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.09.2013, 14:09
| #9 |
| | neue Tabs mit Werbung in Google Chrome Weiter gehts... Nr.2) Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 09/09/2013 um 13:14:05
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gabriela - GABRIELA-PC
# Gestartet von : C:\Users\Gabriela\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Gabriela\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Gabriela\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Gabriela\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Gabriela\AppData\Roaming\Betcat
Ordner Gelöscht : C:\Users\Gabriela\AppData\Roaming\DSite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\SOFTWARE\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Google Chrome v29.0.1547.66
[ Datei : C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [7807 octets] - [09/09/2013 13:13:07]
AdwCleaner[S0].txt - [7386 octets] - [09/09/2013 13:14:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7446 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gabriela on 09.09.2013 at 13:22:47,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2949166557-3930466050-1292464765-1002\Software\SweetIM
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{0BF3D0A9-0295-4395-8F67-1DE1B6AB6172}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{0DD21A3C-D85C-414B-B6EE-44B0E8EF9F34}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{0E6C9D81-20FC-4906-B70F-39C1434C9F92}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{42310DE9-6C72-41F2-8B55-AEBB156E3F55}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{48E13022-5423-4ADC-AC31-8CED5EF3D070}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{7035B5E2-B03E-4AE6-B682-C74FB7861796}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{733058E8-2DD2-43E7-A868-BB347147E562}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{7F691569-430B-4C8C-A501-DBFB89C0AB5B}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{8C892650-CC67-4C94-93BC-F40562EF5954}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{8D1D1990-6E46-4BA8-B92B-936D6283D789}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{AE48399C-46A9-4922-AC06-F4780E068811}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{C0A572E0-9F0F-4857-9A34-A74A70433C4D}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{CAD23017-01A9-4750-8439-98A94A001FC8}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{D108C59D-978A-4C21-92F0-EC123D7BFF55}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{D42E41E4-4FEA-431F-BD5C-DD66A3A1EEB3}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{DF2626ED-C38B-409F-8E83-AB28EB05AAC7}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{E66A10A5-2F7C-4B3A-A872-2743D52955B7}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{E72F540B-53FF-4996-9978-69E6A4F11450}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{F1498116-467E-4A0A-9458-00F3D32B1132}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{F91BC874-8EE2-4C54-BB67-48A9BB6A8274}
Successfully deleted: [Empty Folder] C:\Users\Gabriela\appdata\local\{FA1AA9BD-9E72-4350-9E56-94FE1D9FD7FD}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2013 at 13:27:47,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GLG, Achillia finally... FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by Gabriela (administrator) on GABRIELA-PC on 09-09-2013 15:08:27
Running from C:\Users\Gabriela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Huawei Technologies Co., Ltd.) C:\Users\Gabriela\AppData\Roaming\Ge org Internet Manager\ouc.exe
(Samsung) P:\Kies\Kies.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Dropbox, Inc.) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Michel Krämer) P:\Spamihilator\spamihilator.exe
(Samsung Electronics Co., Ltd.) P:\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_Ge org Internet Manager] - P:\Ge org Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [KiesPreload] - P:\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-30] (Facebook Inc.)
HKCU\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM-x32\...\Run: [DataCardMonitor] - P:\Ge org Internet Manager\DataCardMonitor.exe [253952 2013-01-08] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] - P:\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - P:\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> P:\Spamihilator\spamihilator.exe (Michel Krämer)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.at/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; P:\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; P:\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-20] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation )
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-09 13:27 - 2013-09-09 13:27 - 00003315 _____ C:\Users\Gabriela\Desktop\JRT.txt
2013-09-09 13:22 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 13:21 - 2013-09-09 13:21 - 01029490 _____ (Thisisu) C:\Users\Gabriela\Desktop\JRT.exe
2013-09-09 13:13 - 2013-09-09 13:14 - 00000000 ____D C:\AdwCleaner
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Downloads\adwcleaner.exe
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Desktop\adwcleaner.exe
2013-09-09 06:33 - 2013-09-09 06:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 06:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 06:31 - 2013-09-09 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriela\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 20:22 - 2013-09-07 20:22 - 00023435 _____ C:\ComboFix.txt
2013-09-07 19:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 19:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 19:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 19:52 - 2013-09-07 20:22 - 00000000 ____D C:\Qoobox
2013-09-07 19:52 - 2013-09-07 20:17 - 00000000 ____D C:\Windows\erdnt
2013-09-07 19:36 - 2013-09-07 19:37 - 05120615 ____R (Swearware) C:\Users\Gabriela\Desktop\ComboFix.exe
2013-09-07 09:13 - 2013-09-07 09:15 - 00060633 _____ C:\Users\Gabriela\Desktop\Addition.txt
2013-09-07 09:12 - 2013-09-07 09:12 - 00000000 ____D C:\FRST
2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt
2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt
2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe
2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-08-31 14:17 - 2013-08-31 14:18 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar
2013-08-31 14:17 - 2013-08-31 14:18 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR
2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe
2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2
2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar
2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe
2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar
2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-23 19:51 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-23 19:51 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-23 19:51 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-23 19:51 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-23 19:51 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-23 19:51 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-23 19:51 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-23 19:51 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-23 19:51 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-23 19:51 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-23 19:51 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-20 23:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 23:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 23:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-20 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-20 23:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 23:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 23:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 23:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-20 23:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 23:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-20 23:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-20 15:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 15:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 15:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-20 15:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-20 15:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-20 15:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-20 15:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-20 15:51 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
==================== One Month Modified Files and Folders =======
2013-09-09 15:06 - 2013-09-09 15:06 - 01948948 _____ (Farbar) C:\Users\Gabriela\Desktop\FRST64.exe
2013-09-09 15:06 - 2008-01-01 09:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 14:53 - 2013-01-25 00:51 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Spamihilator
2013-09-09 14:23 - 2013-01-07 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 13:27 - 2013-09-09 13:27 - 00003315 _____ C:\Users\Gabriela\Desktop\JRT.txt
2013-09-09 13:24 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 13:24 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 13:22 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 13:21 - 2013-09-09 13:21 - 01029490 _____ (Thisisu) C:\Users\Gabriela\Desktop\JRT.exe
2013-09-09 13:21 - 2013-06-30 22:16 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job
2013-09-09 13:21 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-09-09 13:21 - 2011-05-16 16:04 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-09-09 13:21 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 13:17 - 2013-03-20 22:11 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Dropbox
2013-09-09 13:17 - 2013-01-07 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 13:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 13:16 - 2009-07-14 06:51 - 00201241 _____ C:\Windows\setupact.log
2013-09-09 13:14 - 2013-09-09 13:13 - 00000000 ____D C:\AdwCleaner
2013-09-09 13:14 - 2013-01-07 15:33 - 01869076 _____ C:\Windows\WindowsUpdate.log
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Downloads\adwcleaner.exe
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Desktop\adwcleaner.exe
2013-09-09 06:47 - 2010-11-21 05:47 - 00021388 _____ C:\Windows\PFRO.log
2013-09-09 06:38 - 2013-06-30 22:16 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job
2013-09-09 06:33 - 2013-09-09 06:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 06:31 - 2013-09-09 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriela\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-08 12:26 - 2013-01-07 15:34 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 20:22 - 2013-09-07 20:22 - 00023435 _____ C:\ComboFix.txt
2013-09-07 20:22 - 2013-09-07 19:52 - 00000000 ____D C:\Qoobox
2013-09-07 20:22 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-07 20:17 - 2013-09-07 19:52 - 00000000 ____D C:\Windows\erdnt
2013-09-07 20:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-07 19:37 - 2013-09-07 19:36 - 05120615 ____R (Swearware) C:\Users\Gabriela\Desktop\ComboFix.exe
2013-09-07 09:15 - 2013-09-07 09:13 - 00060633 _____ C:\Users\Gabriela\Desktop\Addition.txt
2013-09-07 09:12 - 2013-09-07 09:12 - 00000000 ____D C:\FRST
2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt
2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt
2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe
2013-09-07 06:04 - 2013-07-27 10:16 - 00000072 _____ C:\Users\Gabriela\AppData\Roaming\WB.CFG
2013-09-07 06:04 - 2013-06-30 10:16 - 00000005 _____ C:\Users\Gabriela\AppData\Roaming\WBPU-TTL.DAT
2013-09-03 13:16 - 2013-05-06 13:20 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 13:16 - 2013-03-30 12:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 13:16 - 2013-03-30 12:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-08-31 14:18 - 2013-08-31 14:17 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar
2013-08-31 14:18 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR
2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe
2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2
2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar
2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe
2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar
2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-25 20:16 - 2012-01-25 22:13 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-25 20:16 - 2011-07-18 23:13 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-25 20:06 - 2013-01-19 10:47 - 00000000 ____D C:\Users\Gabriela\Documents\My PSP8 Files
2013-08-23 21:06 - 2011-12-01 23:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-23 21:06 - 2008-01-01 09:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 21:06 - 2008-01-01 09:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 23:01 - 2013-07-20 23:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-20 22:59 - 2011-07-18 22:31 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-20 22:59 - 2009-07-14 04:34 - 00000533 _____ C:\Windows\win.ini
2013-08-20 15:40 - 2013-01-14 11:14 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
Files to move or delete:
====================
C:\Users\Gabriela\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-02 18:02
==================== End Of Log ============================
--- --- --- LG, Achillia |
|
09.09.2013, 17:27
| #10 |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google ChromeESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.09.2013, 21:56
| #11 |
| | neue Tabs mit Werbung in Google Chrome oky... wieder auf Raten Nr.1) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f28682c1dda5da43af875747926f4fa9
# engine=15064
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-09 08:03:03
# local_time=2013-09-09 10:03:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 32070 244180273 24853 0
# compatibility_mode=5893 16776574 100 94 5282121 130386833 0 0
# scanned=225869
# found=0
# cleaned=0
# scan_time=3249
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.3 Adobe Reader out of Date! Google Chrome 29.0.1547.62 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Gabriela (administrator) on GABRIELA-PC on 09-09-2013 22:54:15
Running from C:\Users\Gabriela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) P:\Kies\Kies.exe
(Secure Banking) C:\Program Files (x86)\Secure Banking\SecureBanking.exe
(Huawei Technologies Co., Ltd.) C:\Users\Gabriela\AppData\Roaming\Ge org Internet Manager\ouc.exe
(Dropbox, Inc.) C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Michel Krämer) P:\Spamihilator\spamihilator.exe
(Samsung Electronics Co., Ltd.) P:\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) P:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) P:\Microsoft Office 2003\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Gabriela\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_Ge org Internet Manager] - P:\Ge org Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [KiesPreload] - P:\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-30] (Facebook Inc.)
HKCU\...\Run: [SecureBanking] - C:\Program Files (x86)\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM-x32\...\Run: [DataCardMonitor] - P:\Ge org Internet Manager\DataCardMonitor.exe [253952 2013-01-08] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] - P:\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - P:\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gabriela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Gabriela\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> P:\Spamihilator\spamihilator.exe (Michel Krämer)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.at/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; P:\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; P:\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-20] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation )
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-09 22:45 - 2013-09-09 22:45 - 00891144 _____ C:\Users\Gabriela\Desktop\SecurityCheck.exe
2013-09-09 21:04 - 2013-09-09 21:04 - 02347384 _____ (ESET) C:\Users\Gabriela\Downloads\esetsmartinstaller_enu.exe
2013-09-09 13:27 - 2013-09-09 13:27 - 00003315 _____ C:\Users\Gabriela\Desktop\JRT.txt
2013-09-09 13:22 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 13:21 - 2013-09-09 13:21 - 01029490 _____ (Thisisu) C:\Users\Gabriela\Desktop\JRT.exe
2013-09-09 13:13 - 2013-09-09 13:14 - 00000000 ____D C:\AdwCleaner
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Downloads\adwcleaner.exe
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Desktop\adwcleaner.exe
2013-09-09 06:33 - 2013-09-09 06:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 06:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 06:31 - 2013-09-09 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriela\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 20:22 - 2013-09-07 20:22 - 00023435 _____ C:\ComboFix.txt
2013-09-07 19:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-07 19:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-07 19:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-07 19:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-07 19:52 - 2013-09-07 20:22 - 00000000 ____D C:\Qoobox
2013-09-07 19:52 - 2013-09-07 20:17 - 00000000 ____D C:\Windows\erdnt
2013-09-07 19:36 - 2013-09-07 19:37 - 05120615 ____R (Swearware) C:\Users\Gabriela\Desktop\ComboFix.exe
2013-09-07 09:13 - 2013-09-07 09:15 - 00060633 _____ C:\Users\Gabriela\Desktop\Addition.txt
2013-09-07 09:12 - 2013-09-07 09:12 - 00000000 ____D C:\FRST
2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt
2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt
2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe
2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-08-31 14:17 - 2013-08-31 14:18 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar
2013-08-31 14:17 - 2013-08-31 14:18 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR
2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe
2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2
2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar
2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe
2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar
2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-23 19:51 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-23 19:51 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-23 19:51 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-23 19:51 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-23 19:51 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-23 19:51 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-23 19:51 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-23 19:51 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-23 19:51 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-23 19:51 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-23 19:51 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-20 23:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 23:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 23:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-20 23:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 23:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-20 23:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 23:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 23:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-20 23:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 23:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 23:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-20 23:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 23:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-20 23:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-20 15:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-20 15:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-20 15:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-20 15:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-20 15:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-20 15:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-20 15:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-20 15:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-20 15:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-20 15:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-20 15:51 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
==================== One Month Modified Files and Folders =======
2013-09-09 22:53 - 2013-09-09 22:53 - 01949196 _____ (Farbar) C:\Users\Gabriela\Desktop\FRST64.exe
2013-09-09 22:45 - 2013-09-09 22:45 - 00891144 _____ C:\Users\Gabriela\Desktop\SecurityCheck.exe
2013-09-09 22:23 - 2013-01-07 15:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 22:21 - 2013-06-30 22:16 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002UA.job
2013-09-09 22:21 - 2013-06-30 22:16 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2949166557-3930466050-1292464765-1002Core.job
2013-09-09 22:06 - 2008-01-01 09:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 21:47 - 2013-01-25 00:51 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Spamihilator
2013-09-09 21:04 - 2013-09-09 21:04 - 02347384 _____ (ESET) C:\Users\Gabriela\Downloads\esetsmartinstaller_enu.exe
2013-09-09 20:49 - 2013-01-07 15:33 - 01873094 _____ C:\Windows\WindowsUpdate.log
2013-09-09 15:21 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 15:21 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 15:18 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-09-09 15:18 - 2011-05-16 16:04 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-09-09 15:18 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 15:16 - 2013-03-20 22:11 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Dropbox
2013-09-09 15:16 - 2013-01-07 15:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 15:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 15:14 - 2009-07-14 06:51 - 00201297 _____ C:\Windows\setupact.log
2013-09-09 13:27 - 2013-09-09 13:27 - 00003315 _____ C:\Users\Gabriela\Desktop\JRT.txt
2013-09-09 13:22 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 13:21 - 2013-09-09 13:21 - 01029490 _____ (Thisisu) C:\Users\Gabriela\Desktop\JRT.exe
2013-09-09 13:14 - 2013-09-09 13:13 - 00000000 ____D C:\AdwCleaner
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Downloads\adwcleaner.exe
2013-09-09 13:11 - 2013-09-09 13:11 - 01037278 _____ C:\Users\Gabriela\Desktop\adwcleaner.exe
2013-09-09 06:47 - 2010-11-21 05:47 - 00021388 _____ C:\Windows\PFRO.log
2013-09-09 06:33 - 2013-09-09 06:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 06:33 - 2013-09-09 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 06:31 - 2013-09-09 06:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriela\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-08 12:26 - 2013-01-07 15:34 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 20:22 - 2013-09-07 20:22 - 00023435 _____ C:\ComboFix.txt
2013-09-07 20:22 - 2013-09-07 19:52 - 00000000 ____D C:\Qoobox
2013-09-07 20:22 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-07 20:17 - 2013-09-07 19:52 - 00000000 ____D C:\Windows\erdnt
2013-09-07 20:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-07 19:37 - 2013-09-07 19:36 - 05120615 ____R (Swearware) C:\Users\Gabriela\Desktop\ComboFix.exe
2013-09-07 09:15 - 2013-09-07 09:13 - 00060633 _____ C:\Users\Gabriela\Desktop\Addition.txt
2013-09-07 09:12 - 2013-09-07 09:12 - 00000000 ____D C:\FRST
2013-09-07 06:36 - 2013-09-07 06:36 - 00092758 _____ C:\Users\Gabriela\Downloads\Extras.Txt
2013-09-07 06:35 - 2013-09-07 06:35 - 00091830 _____ C:\Users\Gabriela\Downloads\OTL.Txt
2013-09-07 06:25 - 2013-09-07 06:25 - 00602112 _____ (OldTimer Tools) C:\Users\Gabriela\Downloads\OTL.exe
2013-09-07 06:04 - 2013-07-27 10:16 - 00000072 _____ C:\Users\Gabriela\AppData\Roaming\WB.CFG
2013-09-07 06:04 - 2013-06-30 10:16 - 00000005 _____ C:\Users\Gabriela\AppData\Roaming\WBPU-TTL.DAT
2013-09-03 13:16 - 2013-05-06 13:20 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 13:16 - 2013-03-30 12:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 13:16 - 2013-03-30 12:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-31 14:18 - 2013-08-31 14:18 - 00000000 ____D C:\Program Files (x86)\Secure Banking
2013-08-31 14:18 - 2013-08-31 14:17 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (2).rar
2013-08-31 14:18 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\WinRAR
2013-08-31 14:17 - 2013-08-31 14:17 - 01609145 _____ C:\Users\Gabriela\Downloads\wrar420d.exe
2013-08-31 14:17 - 2013-08-31 14:17 - 00000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-31 14:15 - 2013-08-31 14:15 - 00483764 _____ C:\Users\Gabriela\Downloads\ARJ286.EXE
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.2.rar
2013-08-31 14:13 - 2013-08-31 14:13 - 00414150 _____ C:\Users\Gabriela\Downloads\1.5.2
2013-08-31 14:10 - 2013-08-31 14:10 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1 (1).rar
2013-08-31 14:09 - 2013-08-31 14:09 - 01110476 _____ C:\Users\Gabriela\Downloads\7z920.exe
2013-08-31 14:03 - 2013-08-31 14:03 - 00399347 _____ C:\Users\Gabriela\Downloads\Secure Banking v1.5.1.rar
2013-08-25 20:16 - 2013-08-25 20:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-25 20:16 - 2013-08-25 20:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-25 20:16 - 2013-08-25 20:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-25 20:16 - 2012-01-25 22:13 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-25 20:16 - 2011-07-18 23:13 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-25 20:06 - 2013-01-19 10:47 - 00000000 ____D C:\Users\Gabriela\Documents\My PSP8 Files
2013-08-23 21:06 - 2011-12-01 23:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-23 21:06 - 2008-01-01 09:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 21:06 - 2008-01-01 09:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 23:01 - 2013-07-20 23:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-20 22:59 - 2011-07-18 22:31 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-20 22:59 - 2009-07-14 04:34 - 00000533 _____ C:\Windows\win.ini
2013-08-20 15:40 - 2013-01-14 11:14 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
Files to move or delete:
====================
C:\Users\Gabriela\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-02 18:02
==================== End Of Log ============================
--- --- --- Ich glaube, ich habe schon seit vorgestern keine Probleme mehr. Herzlichen Dank für Deine schnelle und kompetente Hilfe!!GLG, Achillia |
|
10.09.2013, 08:25
| #12 |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google Chrome Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.09.2013, 13:12
| #13 |
| | neue Tabs mit Werbung in Google Chrome Danke!!! Es ist alles erledigt und bisher sind keine Probleme mehr aufgetreten. Danke auch für die Tipps und Empfehlungen, das wäre nämlich meine nächste Frage gewesen, wie ich mich besser schützen kann. Liebe Grüsse, Achillia |
|
10.09.2013, 14:11
| #14 |
| /// the machine /// TB-Ausbilder | neue Tabs mit Werbung in Google Chrome Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
